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ABSTRACT 


The  thesis  contains  two  parts  which  are  self-contained 


In  Part  ^  we  present  several  results  on  the  relation 


1,  the  problem  of  termination  and  equivalence  of  programs  and 
abstract  programs,  and 

2,  the  first  order  predicate  calculus. 

Part  jj)  is  concerned  with  the  relation  betweer^ 

1.  the  termination  of  interpreted  graphs,  and 

2,  properties  of  well-ordered  sets  and  graph  theory, 
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about  the  equivalence  of  abstract  programs  can  be  obtained  Just  by 
applying  well-known  results  In  logic. 

The  corresponding  result  for  programs  suggests  a  new  approach  for 
proving  the  equivalence  and  correctness  of  Veal*  programs. 


Chapter  5  is  concerned  mainly  with  the  strong  termination  of 
non-determln  1st  Ic  programs  and  non-determ  In  1st  I  c  abstract  programs. 

In  a  non-determ  In  1st  I c  program  an  assignment  of  values  to  Its 
Input  variables  does  not  necessarily  define  a  unique  execution  of  the 
program,  A  non-determln  1st  I  c  program  Is  said  to  terminate  strongly 
If  for  each  assignment  of  values  to  i+s  incv  variables  all  possible 
executions  terminate. 

The  results  of  this  chapter  are  a  generalization  of  the  results 
obtained  In  Chapter  3,  These  results  have  an  application  In  proving 
the  convergence  of  recursively  defined  functions. 


I 


INTRODUCTION 


In  this  port  of  the  thesis  we  shall  present  several  results  on  the 
relation  between: 

1.  the  problem  of  termination  and  equivalence  of  programs  and 
abstract  programs,  and 

2.  the  first  order  predicate  calculus. 


An  abstract  program  (program  schema)  is  a  program,  but  with 
function,  predicate  and  constant  symbols,  instead  of  specified 
functions,  predicates  and  constants.  Thus,  an  abstract  program  AP 
may  be  thought  of  as  representing  a  family  of  (real)  programs.  By 
specifying  an  Interpretation  3  for  the  symbols  of  AP,  a  program  (AP,3> 
of  this  family  Is  obtained.  The  program  contains  a  set  of  input 
variables.  Each  assignment  of  values  to  the  input  variables  defines 
a  (unique)  execution  of  the  program. 


Chapter  I  (Mathematical  Background)  and  Chapter  2  (Definitions) 


are  introductory  chapters 
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— a^ter  3  ,s  concerned  with  the  termination  problem  of  programs 
and  abstract  programs.  A  program  <AP,3>  Is  said  to  terminate  If  all 
possible  executions  of  the  program  terminate.  An  abstract  program  AP 
is  said  to  terminate  If  for  every  interpretation  3,  the  program  (AP,3> 
term i nates. 

Given  an  abstract  program  AP,  an  algorithm  Is  described  to 
construct  a  well-formed  formula  WAp  of  the  first  order  predicate 
calculus,  such  that  AP  terminates  if  and  only  If  *Ap  Is  unsatlsf  labls, 
l.e.,  ~WAp  is  valid.  This  Implies  that  conclusions  about  the 
termination  of  abstract  programs  can  be  obtained  just  by  applying 
well-known  results  In  logic. 

A  correspond Ing  result  for  programs  Is  presented. 


2*Bl2£  4  Is  concerned  with  the  equivalence  problem  of  programs 
and  abstract  pregrams. 

Two  programs  CAP, 3)  and  (AP',3)  are  said  to  be  equivalent  If 

their  'corresponding*  execution  sequences  always  terminate  and  give 

the  same  final  value.  Two  abstract  programs  AP  and  A P»  are  said  to 

be  equivalent  If  for  every  interpretation  3,  the  corresponding 

programs  (AP,3)  and  (AP',3)  ar a  equivalent. 

Given  two  abstract  programs  AP  and  AP',  an  algorithm  Is  described 

to  construct  well-formed  formula  WAp  Apl  of  the  first-order  predicate 

calculus,  such  that  AP  and  AP'  are  equivalent  If  and  only  If  W 

AP,AP' 

Is  unsatlsf  table,  l.e.,  ~WAp  Ap,  is  valid.  Consequently,  conclusions 
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CHAPTER  Is  MATHEMATICAL  BACKGROUND 


I . I  (First-Order)  Predicate  (?a  leu  lag. 

In  this  section  we  shall  partially  follow  the  exposition  of  Davis 

and  Putnam  [I960]. 


The  symbols  of  which  our  formulas  are  constructed  are 


(a)  Improper  symbols 

punctuation  marks 
logical  symbols 
primitive  constants 

(b)  Constants 

n-adlc  function  constants 

[ f®  are  ca I  led  Individual  constants] , 

n-adlc  predicate  constants 

[p°  are  called  propositional  constants]. 

(c)  Variables 

Individual  variables 

n-adlc  predicate  variables 

[q®  are  cal  led  propositlona  I  var  lab les] . * 1 ) 


f  (  ) 

V  *  3 
T  and  F. 

f"  (I  2:  I.  "  i 
p*j  Hi  I*  nj>0) 

x,  O  2  I) 

q"  ( i  i  I ,  n  £  0) 


1  tn  the  following,  we  shall 
and  a,  as  Individual  constants. 


use  also  y,  as  Individual  variables 


« 


5 


The  subscripts  and  the  superscripts  will  be  omitted  whenever  their 
omission  con  cause  no  confusion. 


Among  all  the  expressions  which  can  be  formed  using  these  symbols, 

we  distinguish  three  classes  which  ore  defined  recursively  as  follows; 

(a)  Terms 

I.  Each  Individual  variable  xf  and  each  Individual  constant  f° 

Is  a  term; 

2*  If  +r+2'**,#+n  (n  ^  ore  +erms#  then  so  Is  f”c+|,t2,...,tn); 

3,  The  terms  consist  exactly  of  the  expressions  generated  by  I 
and  2, 

(b)  Atom  I c  formulas 

I*  T,  F,  p^  and  q°  are  atomic  formulas, 

2*  If  +r+2##,,#+n  ^  ^  aro  f’erms,  then  the  expressions 

Pj  (+1  and  1  **2' "  *  °re  a^omlc  formulas, 

3.  The  atomic  formulas  consist  exactly  of  the  expressions 
generated  by  I  and  2. 

(c)  Mel  I  -formed  .formulas  (wff  »s) 

1,  An  atomic  formula  Is  a  wff. 

2,  If  R  Is  a  wff,  then  so  are  (x{)R  [ x f  Is  said  to  be 
universal  ly  quantified],  and  <gxf  )R  [x}  is  said  to  be 
existentla I ly  quantified], 

3,  If  R  and  S  are  wffs,  then  so  are  (R  z>  S),  (R  A  S),  (R  V  $), 
and  (R  ■  S), 
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4*  The  wff*s  consist  exactly  of  the  expressions  generated  by  I, 
2,  and  3. 


Parentheses  will  be  omitted  whenever  their  omission  can  cause  no 
confusion. 


An  occurrence  of  x^  In  a  wff  R  Is  a  bound  occurrence  If  it  Is  In 
a  wf-part  of  R  of  the  form  (Xj)S  or  (3Xj)S.  An  occurrence  of  x^  which 
is  not  bound  Is  called  a  free  occurrence,  x{  Is  free  in  R  If  It  has 
at  least  one  free  occurrence  In  R.  R  is  closed  If  it  has  no  free 
Individual  variables. 


Our  next  step  Is  to  single  out  from  the  class  of  wff*s  those  which 
are  logically  valid.  This  can  be  done  either  by  specifying  axioms  and 
rules  of  interference  or  by  referring  to  "interpretat Ions"  of  the  wff’s 
of  the  system,  and  by  a  basic  result  due  to  Godel  (Gftdel  Completeness 
Theorem)  both  of  these  procedures  will  lead  to  the  same  :lass  of 
formulas.  For  our  present  purposes  it  is  most  convenient  to  use  the 
latter  formulation  employing  nlnterpretat ion H, 


An  interpretation  for  a  wff  W  consists  of  a  non-empty  set  of 
elements  (called  the  domain  of  the  interpretation)  and  assignments 


to  the  constants  of  W: 
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1.  To  each  function  constant  f"  which  occurs  In  W,  we  assign  a 

tota I  function  of  n  variables  ranging  over  D  ,  whose  values 

o 

are  in  D^.  [if  n  =  0,  the  individual  constant  f°  Is  assigned 

some  fixed  element  of  D  .] 

\J 

2,  To  each  predicate  constant  p"  which  occurs  In  W,  we  assign  a 

tota  I  function  of  n  variables  ranging  over  D  ,  whose  values 

o 

are  T  or  F.  [if  n  =*  0 -  the  propositional  constant  p°  Is 
assigned  the  value  T  or  F.] 


Given  a  wff  W  and  an  Interpretat ion  3  for  W  [notation:  (W,3)]. 
An  assignment  T  for  (W,g)  consists  of  assignments  to  the  variables 
of  W: 


1.  To  each  free  Individual  variable  x.  in  W,  we  assign  some 
fixed  element  of  D^. 

2.  To  each  predicate  variable  q"  which  occurs  in  W,  we  assign  a 

tota I  function  of  n  variables  ranging  over  D  ,  whose  values 

o 

are  T  or  F.  [if  n  =  0,  the  propositional  variable  q°  is 
assigned  the  value  T  or  F.] 


Let  W  be  a  wff.  Then  given  an  i nf . rpretat ion  3  f°r  W  and  an 
assignment  T  for  CW ,3)  [notation:  (W/^T)],  a  value  T  or  F  will  be 
assigned  to  (W,3,D.  This  value  is  obtained  simply  by  using  the 
assignments  of  3  and  F,  interpreting  F  as  falsehood  and  T  as  truth, 


using  the  usual  truth  tables  of  A,  V,  o,  and  a,  and  interpreting 
the  universally  and  existentially  quantified  variables  in  the  standard 
way. 


(W#3>  is  sa  id  to  be: 

|.  valid,  If  for  every  assignment  T ,  (W,3#n  has  the  value  T. 

2.  satisf  iable  (or  consistent),  if  (W,3,D  has  the  value  T  for  some 
assignment  T. 

3.  unsatlsf  Iable.  If  it  is  not  satisfiable. 

Clearly,  (W,3)  is  va  I  Id  if  and  oniy  if  (~W,3)  is  unsat  isf  lab  le. 

A  wf  f  W  is  sa  Id  to  be: 

1.  va  1  1  d .  if  for  every  interpretation  3,  (W,3)  is  valid. 

2.  satisfiable  (or  consistent),  if  (W,3>  is  satisfiable  for  some 
interpretation  3. 

3.  unsat isf iab le .  if  it  is  not  satisfiable. 

Clearly,  W  _[s  valid  j_f  and  only  j±  dl  ll  unsatisf  iab  le. 


A  wff  is  called  quantifier  free  if  it  contains  no  occurrence  of 
(Xj)  or  (3Xj). 

A  wff  is  in  prenex  >rma  I  form ,  if  It  begins  with  a  sequence  of 
quantifiers  (x.)  and  (3x.)  in  which  no  variable  occurs  more  than  once 
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»"<’  »  **•  »«.»=.  I.  MM  „v  ,  Wlrt,„„ 
free  wff  (called  the  matriy. 


The  disjunction  of  the  wff »s  R(,R2, 


and  Rn,  n  ^  |,  |s  the 


R,  V  R2  V  ...  V  Rn;  their  conjunction  Is  the  wff  R(  A  R2  A  ...  A  Rf). 

A  literal  Is  a  wff  which  is  either  an  atonic  formula  or  of  the 
form  ~R,  where  R  Is  atomic. 

A  2  Is  a  disjunction  R,  V  R2  V  ...  V  Rn  in  which  each  R( 

Is  a  literal  and  in  which  no  atonic  formula  occurs  twice. 

A  conjunction  of  clauses  is  said  to  be  a  wff  in  con  junction 
-norma  I  form. 


Let  W  be  a  wff  |„  prenex  normal  form.  Then  tfce  junctional  forjn 
SliL  Is  defined  as  follows: 

Let  the  variables  in  the  Drefl*  u  *  a  , 

me  prerix  of  W  (in  order  of  occurrence)  be 

xrX2'"*'V  Le+  +he  existentially  quantified  variables  In  the 

prefix  be  x  x  v  , 

I,  i2'”*'  i  *  Then  for  every  j,  I  ^  j  <  M: 


1.  the  quantifier  fcx^)  ls  to  be  deleted  from  the  prefix,  and 

2.  each  occurrence  of  x,  in  the  matrix  of  W  is  to  be  replaced 

by  an  occurrence  of  the  term  f«  (x^ . xR  ),  where 

(xk2)','*'(xk  >*  R  ^  0,  are  all  the  universal 
quantifiers  that  precede  <3x  )  in  the  prefix  of  W  and  f« 

J  1  i 
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Is  the  first  q-adlc  function  constant  which  does  not  occur 
In  W  and  has  not  been  used  previously  In  this  process. 

We  shall  use  the  following  known  result: 

W  J_s  satlsf  lab  le  if  and  only  i  f  Its  funct  Iona  I  form  Is  sat  Isf  fable. 


II 


1.2  The  jVobjem  of  the  Predicate-Calculus 

Hl£  validity  ^roblan  of  £redlc^-cajcuLus  ,s  undecldabl<<, 
Th»t  is,  there  can  be  no  algorithm  which  takes  as  Input  any  wff  and  In 
C8SeS  +erm,na+es  «  decision  as  to  whether  the  wff  is  valid  or 

not. 

But,  the  vaMdltI-£roblem  of  the  predicate-calculus  _is 

isi-asiasbu.  n», ,r. 

-.Id.  1*.  ..  i»po,  „  th. 

,M  "'9°rltta  •**  »v  »;  >2)  i>  th.  .ft  ffl, 

algorithm  will  never  stop. 

The  algorithms  have  undergone  successive  reductions  so  that  by 
now  they  have  a  slmp.e  structure.  this  work,  we  shall  use  one 
recent  algorithm  based  on  the  resolution  ^rincifcle  (Robinson  [1965]). 


Though  the  validity-problem  of  the  predicate-calculus  Is  undecidable 
there  nevertheless  exist  classes  of  wffs  for  which  the  problem  Is 
decidable.  For  example,  the  validity-problem  Is  decidable  for  the 


following  three  classes:  ^ 


<•  W,  -  [wlw  is  a  wff  In  prenex-norma I  form,  without  function 
constants,  and  with  prefix  of  the  form  V...V3...gj, 
2.  W2  -  [wlw  Is  a  wff  in  prenex-norma I  form,  without  function 
constants,  and  with  prefix  of  the  form  V...V3V...V], 
W3  -  [wlw  is  a  wff  in  prenex-norma  I  form,  without  function 

constants,  and  with  prefix  of  the  form  V...V33V...VJ. 


See  Ackermann  [1954]  or  Church  [1956]  Section  46. 


I .3  Directed  Graphs 

A  directed  graph  G  Is  an  ordered  triple  <V,L,A>  where: 

1.  V  Is  a  non-empty  set  of  elements  called  the  vertices  of  G; 

2.  L  Is  a  non-empty  set  of  elements  called  the  labels  of  G;  and 

3.  A  Is  a  set  of  ordered  triples  (v,jt,v*),  where  vcV,  v'eV, 

and  it L.  These  triples  are  called  the  arcs  of  G. 

If  V  and  L  are  finite  sets,  G  is  called  a  finite  directed  graph. 


Let  a  a  (v,Z,vf)  be  an  arc  of  a  directed  graph.  Then,  we  define: 

1.  v  -  the  in  It  ia  I  vertex  of  the  arc, 

2.  I  -  the  label  of  the  arc, 

3.  v*  -  the  term ina  I  vertex  of  the  arc. 

And  we  shal  I  say  that  the  arc  a  leads  from  the  vertex  v  ±o  the 
vertex  v*. 


Let  v  be  a  vertex  of  a  directed  graph.  Then, 

1.  The  number  (finite  or  infinite)  of  arcs  a,  acA,  s.t,  v  is  the 
initial  vertex  of  cr  is  called  the  out-degree  of  v. 

2.  The  number  (finite  or  infinite)  of  arcs  a,  <*eA,  s.t.  v  Is  the 


terminal  vertex  of  a  is  called  the  in-degree  of  v. 
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A  finite  path  of  a  graph  G  (path ,  for  short)  Is  a  finite  sequence 
of  n  arcs  of  G,  n  £  I , 


(v.  ,v  ),  (v  ,t  ,v  ),  ...  ,<v  ,lx  ,v.  *), 

‘l  'l  2  *2  ]2  '3  'n  ‘n  n+l 


s.t.  the  terminal  vertex  of  each  arc  coincides  with  the  Initial  vertex 
of  the  succeeding  arcs. 

We  say  that  the  vertices  v,  ,v.  ,  ...,v.  are  ££  the  path,  and 

'l  *2  n+l 

that  the  path  joins  the  vertices  v.  and  v. 

1 1  n+l 
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CHAPTER  2:  DEFINITIONS 


2. I  Abstract  Programs 

An  abstract  program  (or  program  schema)  A P  consists  of; 

I.  A  finite  directed  graph  <V,L,A>,  with 

(a)  exactly  one  vertex  S«V  with  in-degree  0  U.e.,  no  arcs  leading 
to  S),  cal  led  the  start  vertex; 

(b)  exactly  one  vertex  H.V  with  out-degree  0  (l.e.,  no  arcs 
leading  from  H),  called  the  halt  vertex:  and 

<c)  every  vertex  v«V  Is  on  some  path  that  joins  S  and  H. 


2.  (a)  a  set  of  m,  m  £  0,  distinct  individual  variables 

y  =  <yrV2 . Vm),  called  input  variables:  and 

(b)  a  set  of  n,  n>  I,  distinct  individual  variables 
x-  Cx j called  program  variables. 


3,  With  each  arc  or  =  (v,i,v')*A  there  is  associated: 


a  quantifier  free  wff  ^  called  the  test  predicate  of  r»:  and 

(b)  an  n-tuple  T  =  +  (<*).  ,  , 

K  'T|  9  t2  )  of  terms  called  the 

_ .  -  1 1  \ 


assignment  function  of  ty. 


Cl) 


The  wff  does  not  contain  any  predicate  variables. 


The  intended  interpretation  is 

V:  if  *cr  then  Replace  simultaneously  each  variable  x.  by  tfa)  and 
go  to  v1]. 
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The  wff  cpff  and  the  terms  t  j0^  do  not  contain  Individual  variables 
other  than  y  and  x.(l)  I f  v  =  S  ( I .e. ,  *  Is  an  arc  leading  from  the 
start  vertex)  the  wff  cpa  and  the  terms  t®  do  not  contain  the  program 
vor  iables  7. 


In  addition,  an  abstract  program  should  satisfy  the  following 
res+r let  ion: 

4.  For  every  vertex  v(v  *  H),  if  or,,^ . ^  is  the  set  of  all  arcs 

leading  from  v,  the  set  of  the  test  predicates  .cp^  is 

I  2  N 

(a)  complete,  i.e.,  <x)(y)  [<p  v  cp  V  ...  V  <p  ]  is  valid,  and 

I  _  2  ®N 

(b)  mutually  exclusive,  i.e.,  (3x)(3y)  [cp  A  <p ,  ]  is  unsat isf iab le 

w  j  Of  • 

for  every  pair  (l,j),  I  £  |  J 


We  have  restricted  cpa  to  be  a  quantifier  free  wff.  However,  all 
the  theorems  presented  in  this  work  are  true  also  in  the  case  when  cp 

-is  anyjrfff  that  does  not  contain  free  individual  variables  other  than 
y  and  x. 
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Examp  I e 

The  following  diagram  represents  an  abstract  program.  We  shall 
refer  later  to  this  abstract  program  as  AP*, 


f 7 \ 

"HP  E  r  1 1*  *  *  * 

/ TT 

V  1 

111 


where 

a  -  Individual  constant, 
f  -  monadic  function  constant, 
p  -  monadic  predicate  constant, 
y  -  input  var  table, 

-  program  variable. 


x 
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2.2  Programs 

An  Interpretation  3  o;  an  abstract  program  AP  consists  of  a 
non-empty  set  of  elements  (ca  I  led  the  domain  of  the  Interpretation) 
and  assignments  to  the  constants  of  AP: 


1.  To  each  function  constant  which  occurs  In  AP,  we  assign  a 

latfil  function  of  n  variables  ranging  over  D  ,  whose  values 

o 

are  in  D^.  [if  n  =  0,  the  Individual  constant  f"  Is  assigned 

some  fixed  element  of  D  .] 
o 

2.  To  each  predicate  constant  p"  which  occurs  In  AP,  we  assign  a 

.total  function  of  n  variables  ranging  over  D  ,  whose  values 

o 

are  Tor  F.  [if  n  =  0,  the  propositional  constant  p°  Is 
assigned  the  value  T  or  F.] 


Let  AP  be  an  abstract  program  and  3  an  Interpretation  of  AP.  The 
pair  (AP#3)  Is  called  a  program. 


Example 

Oonslder  the  abstract  program  AP*  of  sec.  2.1.  Let  3*  be  the 
following  interpretation  of  AP*: 

D  Is  I  (the  domain  of  the  Integers), 
f(x)  Is  x  +  I, 
p(x)  is  x  =  0,  and 
a  is  -I. 
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Then  the  program  (AP#,3*)  can  represented  by  the  diagrams 


<71 


In  order  to  give  a  rough  idea  of  what  will  follow  in  the  next 
section,  let  us  only  mention  that  the  Algol  meaning  of  this  diagram  Is: 

START:  if  v=0  then  Tx  -  v:  qo  to  3]  else  [x  ♦  -I;  go  to  l]; 

I ;  J_f  x=0  then  [x  ♦  x;  ,90  to  3]  else  [x  •*-  x  +  I ;  go  to  2] ; 

2:  if  x=0  then  [x  - 1 ;  jjo  to  3]  e  1  se  [x  "■  x;  HALT] ; 

3:  ±f  x=0  then  [x  +  x;  HALT]  e  I  se  [  x  x  +  I ;  go  to  3] . 


2.3  Interpreted  Programs 


Let  (AP,3)  be  a  program.  Then  tho  result  obtained  by  assigning 

values  y,  yc(D  )m,  for  the  Input  variables  y  of  the  program  -  is  called 

o 

the  interpreted  program  (AP,3/V ) »  * 


Example 

By  assigning  the  value  I  to  the  input  variable  y  of  the  program 
(AP*,3*)  of  sec.  2.2,  we  obtain  the  interpreted  program  (AP*,3#J): 


i  "I 


^Programs  with  no  Input  variables  ( I .e. ,  m  =  0)  wi I  I  be  considered 
as  interpreted  programs. 
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The  Interpreted  program  (AP,3#Y)  defines  an  execution  sequence 
<AP,3,y>  which  Is  a  (finite  or  Infinite)  sequence  of  triples 


U 


(I)  ..(I)  “( I) 


), 


where, 

1.  L  x  V  x  <D^)n  for  every  j,j  £  I. 

2.  U(l\v(,),x(l))  is  the  first  triple  in  the  sequence  if  and 
only  if  there  exists  an  arc  a  =  <$,4^*#v^)eA  s.t. 


1- 

11 

1  >■ 
> 

and 

x(l)  =T(y).(l) 
or  T 

.V(j>.x(jl) 

and 

(x(j  +  l)yj>l),x(J^I))  are  fwo  successive 

triples  in  the  sequence  if  and  only  If  there  exists  an  arc 
a  =  (v(j),jt(j  +  l),v(j  +  ,))«A  s.t. 

cpa(x<J),v)  =T  and  x(j  +  ,)  -  ,y>-(2> 

4.  The  sequence  is  finite  and  (4^,v^  ,x^ ) ,  q^  I,  Is  the 
last  triple  of  the  sequence  if  and  only  if  v^  =  H.  In 


^(y)  and  t^ty)  stand  for  the  result  of  substituting  y  for  y  in 

<o  and  t  . 

Ya  ot 

\C^\V  and  t^fx^.y)  stand  for  the  result  of  substituting 
x(J>  for  x  and  y  for  y  In  epa  and  t^. 
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this  case  x^  is  called  the  value  of  the  execution  sequence 
<Ap#3*Y>  and  is  denoted  by  val  <AP,3,y>  , 


In  other  words,  execution  always  starts  at  the  start  vertex.  On 
execution  of  the  j*h  step,  j  ^  I,  control  moves  along  the  arc 
a  =  <v(j  ^A^,v^),  where  v^  =  S,  and  represents  the  condition 
that  this  arc  is  entered.  The  value  of  each  program  variable  x.  Is 
replaced  in  the  jth  step  by  the  current  value  of  tj0^,  simultaneously. 
So,  x<J>  represents  the  current  value  of  the  program  variables  x  after 
executing  the  j  ^  step.  Execution  stops  whenever  control  reaches  the 
halt  vertex. 


Examp  I  e 

The  Interpreted  program  (AP*,3*,D  defines  the  following  execution 
sequence  <AP*,3*,I>: 

<I,I,-IM3,2,0),(5,3,H),(7,3,0),(8,H,0). 

Let  (AP,3,y)  be  an  interpreted  program,  and  let  vcV  be  any  vertex 

of  AP.  Let  6  be  a  specified  total  predicate  from  (D-)n  into  jT,Fj. 

o 

Then, 

1 .  6  i s  ca  I  I ed  a  va  I  id  pred  icate  of  v  for  (AP,3,y ) 


if 
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V?,  (Dg) n s  J_f  there  exists  a  triple  of  the  form  U,v,5) 
In  <AP,3,v>,  for  some  ZeL,  then  6(§)  =  T. 

2.  6  Is  called  the  minimal  valid  predicate  of  v  for  (AP,3»y) 

If 

v?,  <0g)n :  6(5)  -  T  if  and  only  t f  there  exists  a  triple 

of  the  form  U,v,5)  In  <AP,3,y>,  for  some  icL. 

Examp  I  e 

The  predicate  x<  0  is  a  valid  predicate,  while  the  predicate 
x  =  -I  is  the  minimal  valid  predicate,  of  the  vertex  I  for  the 
Interpreted  program  (AP*,3*,I). 
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CHAPTER  3:  TERMINATION  OF  PROGRAMS  AND  ABSTRACT  PROGRAMS 

3.1  The  Algorithm  to  Construct  W^p 

In  this  section  we  shall  describe  an  algorithm  to  construct  from 
a  given  abstract  program  AP  a  wff  W^p,  called  the  wff  of  AP.  In 
section  3.3  we  shall  state  results  about  the  relation  between  AP 

8nd  WAP' 


Algorithm  I 

Let  AP  be  any  abstract  program  with  program  variables 
x  =  (x  |  >  n  >  \  >  and  i  nput  var  iab  les  (y  |  •  •  •  *ym)  *  m  >  0. 

We  shall  construct  the  wff  WAP  in  three  steps: 

Step  1 

Associate  with  every  vertex  v.  of  AP  a  predicate  variable  q., 
where  the  q.'s  are  distinct  n-adic  predicate  variables. 

Step  2 

Let  a  =  (v.,/#Vj)  be  any  arc  of  AP. 

In  step  I  we  have  associated  with  the  vertex  v.  the  predicate 

variable  q^  and  with  the  vertex  Vj  the  predicate  variable  q y 

We  shall  define  the  wff  W  (the  wff  of  the  arc  a)  as 

a 

V  A  *<»  3  «J(V* 
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But, 

1.  ifVj=S(l.e.,v.  is  the  start  vertex  of  AP),  then  replace 
the  occurrence  of  q.(x)  In  by  T,  and 

2.  i f  v j  *  H  ( i .e. ,  Vj  is  the  halt  vertex  of  AP),  then  replace 

the  occurrence  of  q.(t  )  in  W  by  F. 

J  0/  a  7 

Step  3 

Let  or  |  be  set  of  all  the  arcs  of  AP.  Then  define 

WAp  (the  wff  of  AP)  as: 

(x)  [W  AW  A  ...  A  W  ].  ( 1 } 

*1  a2  *N 


Note  that  the  input  variables  y  are  free  variables 


in  W 


AP* 
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W?:  q3(x)  A  ~p(x)  O  q3(f(x)) 

Wg!  q3(x)  A  p (x)  3  F 
Then  by  s+ep  3  It  follows  that, 

WAP»:  (x)[W|  A  W2  A  W3  A  W4  A  W$  A  Wg  A  W?  A  Wgj 
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3.2  Termination  of  Programs 
Definition  J_ 

The  program  (AP,3>  is  said  to  terminate  If  Vv>  the 

execution  sequence  <AP, 3  #Y>  is  finite. 


We  are  ready  now  to  state  the  main  result  of  this  chapter. 
Theorem  I 

The  program  (AP,3)  terminates 
i f  and  only  if 

(WAp,3)  is  unsatisf iable  [or  equivalently,  (~WAp,3)  is  valid]. 


Proof 

We  sha I  I  prove  that  the  program  (AP,3)  does  not  terminate  if  and 

only  if  (WAp,3)  is  satisfiable. 

I.  (AP,J)  does  not  term  i  nate  (WAp,3)  is  satisfiable. 

If  the  program  (AP,3)  does  not  terminate,  there  exists  a 

Y,  yc(D-)m,  such  that  the  execution  sequence  <AP, 3 ,Y>  is  infinite, 
o 

Let  us  assign  to  each  predicate  variable  qj  In  WAp,  the  minimal 
valid  predicate  of  the  vertex  v.  for  the  interpreted  program  (AP,3,V). 

Note  that  since  the  execution  sequence  <AP ,3 ,Y>  is  infinite,  i.e., 
control  never  reaches  the  halt  vertex.  It  follows  that  the  predicate  F 
is  the  minimal  valid  predicate  of  the  vertex  H  for  the  interpreted 
program  (AP,3,y). 
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Let  T  consist  of  the  above  assignments  for  the  q.  's  and  with  y 
assigned  to  y.  Following  the  construction  of  WAp  (see  Algorithm  I), 

It  is  clear  that  the  value  of  (WAp,g,D  is  T,  i.e.,  (WAp,3>  is 
sati sf lab  ley and  this  completes  the  proof  in  one  direction, 

2*  (WAp,3)  is  sat  i  sf  lab  le  =>  (AP,3)  does  not  terminate. 

If  (WAp,3)  is  satisfiable,  It  means  that  there  exists  an 
assignment  V  for  (WAp,3)  such  that  the  value  of  (WAp,3,r>  is  T,  T 
consists  of  assignments  of  specified  total  predicates  6.,  mapping 
<V  into  lT,Fj,  for  the  predicate  variables  q^,  and  an  assignment 
Vz  Y*(Pg)m,  for  the  free  variables  y. 

By  the  construction  of  WAp  (see  Algorithm  I),  this  implies  that 
each  6j  i s  a  va  1  i d  predicate  of  the  vertex  v.  for  (AP,3/y),  and 
therefore  that  F  is  a  valid  predicate  of  the  halt  vertex  for  (AP,3,y). 

This  implies  that  the  execution  sequence  <AP,3,y>  is  infinite 
(i.e.,  execution  does  not  reach  the  halt  vertex).  So,  CAP, 3)  does  not 
terminate. 


q.e.d. 
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Example 

Let  us  consider  the  program  where 

I.  the  abstract  program  A*P  Is 


and 

2.  the  interpretation  ^  is 

Dg-  =  I+  (i.e.,  the  domain  of  the  non-negative  integers), 
p(x)  is  x  =  0,  and 

f(x)  is  x  -  I,  where  x  -  I  is  defined  as  {*  *  •!  X  >  a 

1  0  if  x  =  0* 


The  program  (A?^)  can  be  represented  by  the  domain  Dp-  =  I+  and 

o 


the  diagram 
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Using  Algorithm  I  we  can  construct  W which  is 

nr 

(x)l  [TAT  =>q|(y)] 

A  [q,  Cx )  A  ~p(x)  O  qj  (f  (x) )  J 
A  [q,  (x)  A  p(x)  o  F  ]J . 

The  pair  (W^,^)  can  be  represented  by  the  domain  =  I+  and 

^  O 

(x,l  [TAT  =>q((y,] 

A  [q(  (x)  A  x  A  0=)  q(<x  i  t)] 

A  [q |  (x)  A  x  =  0  3  F  ]J . 


We  shall  prove  that  the  program  (AP.g)  terminates  by  using 
Theorem  I,  i.e.,  by  proving  that  (W^J)  unsati  sf  lab  le. 

We  shall  use  the  first  order  theory  N,  which  formalizes  elementary 
number  theory.  We  assume  that  the  reader  is  familiar  with  this  theory(l). 

The  theorems  of  N  that  we  shall  use  are: 

Tl:  ®Vq|(*l>  D  A  (x3’[x3  <  x2  3~q|  <x3)]] 

(an  instance  of  the  Least-number  Principle),  and 
T2:  (x)[x  t  0  =5  x  -  I  <  x]. 

Thus,  in  order  to  prove  that  (*A~3)  is  unsati  sf  iab  I  e,  we  shall 
prove  that  ^  A  T|  A  T2  is  unsatisf iable  (considering  x  =  0,  x  <  y 
and  x  -  I  just  as  symbols,  i ,e.,  the  predicates  x  =  0  and  x  <  y 
as  predicate  constants  and  the  function  x  *  I  as  function  constant). 


«l..n.St?96K;rs“  8’  ('9641  3.  or 
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The  Proof : 

The  prenex  normal  form  of  A  T  A  T.  Is: 

AP 

Qx2)  (x  | )  (x^)  (x)[  q |  <y > 

A  [  q  j  ( x )  A  x  t  0  3  q  f  (x  -  I)] 

A  [q  |  (x )  A  x  =  0  3  f  ] 

A  [q  j  (x  j  )  3  [q  j  (x2)  A  [x^  <  x2  3  ~q(  (x^)  ]]] 

A  [x  ^  0  3  x  -  I  <  x  ]  J  . 


Then  by  changing  the  matrix  to  conjuctlve  normal  form  and 
replacing  x2  by  a  and  y  by  b  (a  and  b  are  individual  variables),  we 
obtain  the  wff  W*: 


Clearly,  W^  A  T,  A  L  is  sat i sf i able  if  and  only  if  W*  is 
-  ft  I  2 

sat i sf lab le. 

We  are  going  to  prove  that  W*  is  unsati sf iab le  by  using  the 
resolution  principle.  We  assume  that  the  reader  is  familiar  with  this 
technique  (see  Robinson  [1965]). 

The  list  of  clauses  i s: 

1.  q((b) 

2.  (x) ,  x  -  0,  qj (x  -  I ) 
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3. 

~q(  (x)  ,  x  t  0 

4. 

~q| (X| ),  q j (a) 

3. 

~q,  Cx( ),  x3  •*;  a,  ~q ( Cx3 ) 

6. 

X 

V 

•  i 

X 

o 

II 

X 

Then  by 

resolving  we  obtain: 

7. 

q(  (a) 

by 

1 

and  4  (x(  =  b) 

8. 

a  f*  0 

by 

3 

(x  =  a)  and  7 

9. 

q  j  (o  “  1 ) 

by 

2 

(x  =  a),  7  and 

10. 

a  -  1  <  a 

by 

6 

(x  =  a)  and  8 

II. 

~q  j  (a  “  1 ) 

by 

5 

(x |  =  a,  =  < 

12. 

n 

by 

9 

and  1  1 

So,  by  resolving,  we  inferred  the  empty  clause  /_/,  which  implies 
that  W*  is  unsatisfiable,  i.e.,  (W^Jj)  is  unsati sf iab le.  Therefore 
it  follows,  by  Theorem  I,  that  the  program  (AV*jf)  terminates. 
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3.3  Termination  of  Abstract  Programs 
Definition  2 

An  abstract  program  A P  is  said  to  termi nate  if  for  every 
i nterpretation  3,  the  program  (AP,3>  terminates. 


The  following  theorem  follows  from  Theorem  I  and  Definition  2. 
Theorem  2 

An  abstract  program  AP  terminates 
i f  and  only  if 

WAP  is  unsat i sf iab le  [or  equ i va lent  I y ,  is  valid]. 

Proof 

AP  terminates, 

if  and  only  if  (follows  by  Definition  2) 

for  every  interpretations,  the  program  (AP,3)  terminates, 
if  and  only  if  (follows  by  Theorem  I) 

for  every  i nterpretation  3 a  (WAp,3)  is  unsat i sf iab le, 
i f  and  only  if 

W.D  i s  unsati sf iable. 

q.e.d. 

Theorem  2  transforms  completely  the  problem  of  termination  of 
abstract  programs  to  an  equivalent  problem  in  logic.  This  enables  us 
to  obtain  many  results  about  the  problem  of  termination  of  abstract 
programs,  just  by  using  well-known  results  in  logic.  The  following 
example  i llustrates  one  of  them.  Other  results  are  presented  in  the 
next  section. 
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Example 

We  shall  prove  that  the  abstract  program  AP*  (see  sec.  2.1) 
terminates,  by  using  Theorem  2,  i.e.,  by  proving  that  Is 

unsati sf lable. 

In  sec.  3.1  we  have  already  constructed  W^p*,  which  is 


(*>l  [  T  A  -P(y)  3  qj  (a)  ] 

A  [  T  A  p(y)  3  < y )  ] 

A  [q ,  (x)  A  ~p(x)  3  q2<f(x))] 
A  [q |  (x)  A  p (x)  3  q^(x)  ] 

A  [q2Cx)  A  p(x)  3  q3(a)  ] 

A  [q2 (x)  A  ~p(x)  3  F  ] 

A  [q3(x)  A  (x )  3  q3  ( f  (x))] 
A  [q3(x)  A  p(x)  3  F  ]j 


By  changing  the  matrix  of  W Ap*  to  conjuctive  normal  form,  and 
replacing  y  by  b  (where  b  is  a  new  individual  variable),  we  obtain 

WAP*: 

(x)  l  [  p(t>,  V  q(  (a)  ] 

A  [  ~p<b)  V  q3(b)  ] 

A  [~q,(x)  V  p (x )  V  q2(f(x))] 

A  ['"^q j  ( x )  V  ~p(x)  V  q3<x)  ] 

A  [^(x)  V  ~p(x)  V  q3(a)  ] 

A  [^2(x)  V  p(x)  ] 
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A  [~q3(x)  V  p(x)  V  q3<f(x))] 

A  C^q^Cx)  V  ~p(x)  ]}  . 

i 

Clearly,  is  sa+isfiable  if  and  only  If  Vl  i  s  sati sf iab le. 


We  j 

are  going  to  prove  that  W^p*  i 

is  unsat i sf iab 1 e  by  using  the 

resolution  principle.  We  assume  that 

the  reader  is  familiar  with 

technique  (see  Robinson  [1965]). 

The 

list  of  clauses  i s: 

1. 

p (b) ,  q j (a) 

2. 

~p(b),  q^(b) 

3. 

~qf (x),  p (x ) ,  q^(f  (x)) 

4. 

~q  | (x),  ~p(x) ,  q3<x) 

5. 

~q2(x) ,  ~p(x) ,  q^Ca) 

6. 

~q2(x),  p (x ) 

7. 

^(x),  p  (x ) ,  q^(  f  (x) ) 

8. 

~q3(x) ,  ~p(x) . 

Then  by 

resolving  we  obtai n 

9. 

'■'-p  (b ) 

by  2  &  8  (with  x  "  b) 

10. 

q,  (a) 

by  l  &  9 

II. 

~q  j (x ) ,  q2(f(x)),  q^(x) 

by  3  &  4 

12. 

q2<fta)),  q^(a) 

by  10  &  II  (with  x  =  a) 

13. 

~q2(x),  q3(a) 

by  5  &  6 
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14. 

q3(a) 

by 

12  4  13 

(with  x  = 

f  (a) ) 

15. 

^q3(x), 

q^( f (x) ) 

by 

7  4  8 

16. 

q3(f (a) ) 

by 

14  4  15 

(with  x  = 

a) 

17. 

P<a), 

q2(f (a)) 

by 

3  (with 

x  =  a)  & 

10 

18. 

P(a), 

p(f(a)) 

by 

6  (with 

x  =  f (a) ) 

&  17 

19. 

~q3(a). 

p(f  (a)) 

by 

8  (with 

x  =  a)  & 

18 

20. 

~q3(o). 

~q3<f (a)) 

by 

8  (with 

x  =  f (a) ) 

&  19 

21 . 

~q3<a) 

by 

16  4  20 

22. 

LJ 

by 

14  4  21. 

So,  by  resolving,  we  inferred  the  empty  clause  ,  which  implies 
that  is  unsatisf  iable,  i.e.,  Vt^  is  unsat  I  sf  iab  le.  Therefore  it 
follows,  by  Theorem  2,  that  A P*  terminates. 
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3.4  The  Termination  Problem  of  Abstract  Programs 

1 1  i  s  a  we  I  I  -known  resu  1 1  that  the  term!  nation  prob  I  em  of. 
abstract  programs  i s  undec i dab  I e  (see  Luckham,  Park  and  Paterson 
[1967]).  That  is,  there  can  be  no  algorithm  which  takes  as  input 
any  abstract  program  AP  and  in  all  cases  stops  with  a  decision  as  to 
whether  the  abstract  program  terminates  or  not. 


But, 

Coro  It  ary  I:  The  termination  problem  of_  abstract  programs  j_s 
semi -deci dab le. 

That  is,  there  are  algorithms  (called  semi -deci si  on  procedures), 
which  take  as  input  any  abstract  program  AP,  and 

1.  If  AP  terminates,  the  algorithm  will  stop  and  say  so; 

2.  If  AP  does  not  terminate,  the  algorithm  will  never  stop. 


Since  the  validity  problem  of  the  predicate  calculus  is  semi- 
decidable,  Corollary  I  follows  airectly  by  Theorem  2. 

Moreover,  any  known  semi -deci si  on  procedure  for  solving  the 
validity  problem  of  the  predicate  calculus  can  be  used,  together  with 
Algorithm  I,  as  a  semi -deci sion  procedure  for  solving  the  termination 
problem  of  abstract  programs.  In  fact,  in  sec.  3.3,  we  have  used  the 
resolution  principle,  which  is  a  semi-decision  procedure  for  solving 
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the  validity  problem  of  the  predicate  calculus,  to  prove  the 
termination  of  the  abstract  program  AP*  of  sec.  2.1. 


Though  the  termination  problem  of  abstract  programs  is 
undecidable,  there  nevertheless  exist  subclasses  of  aostract  programs 
for  which  the  termination  problem  is  decidable. 

Coro  I (ary  2 

The  termination  prob I em  for  the  fo I  lowing  classes  i s  decidable: 

1.  C|  =  lAPlAP  is  an  abstract  program  without  function 

constants  f n  >  I j, 

2.  =  lAPlAP  is  an  abstract  program  which  has  only  one  program 

variable  x  (i.e.,  n  =  I),  and  all  the  occurrences  of 
function  constants  in  AP  are  in  terms  of  the  form  f? 

i 

or  f ! (x) j. 

3.  c3  =  iapIap  is  an  abstract  program  which  has  only  two  program 

variables  x(  and  x2  (i.e.,  n  =  2),  and  all  the 
occurrences  of  function  constants  in  AP  are  in  terms 
of  the  form  f?  or  f^(X|,x2)J. 


Proof 

For  each  i,  I  ^  I  <  3,  the  decidability  of  the  termination  problem 
for  the  class  C.  follows,  by  using  Theorem  2,  from  the  decidability  of 
the  validity  problem  for  the  class  W.  (see  sec.  1.2). 
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Let  us  prove  this  assertion  for  I  =  2.  I .e. ,  we  shal  I  prove  the 
decidability  of  the  termination  problem  for  the  class  C2  by  using 
Theorem  2  and  the  decidability  of  the  validity  problem  for  the  class 
^2*  where 

W2  =  ls  a  wff  in  Prenex  normal  form,  without  function 

constants,  and  with  prefix  of  the  form  V. .  .V3V  . . .  vj . 

The  proof  of  the  assertion  for  the  other  classes  is  similar. 


Let  AP  be  any  member  of  the  class  C2,  i.e,,  AP  Is  an  abstract 
program  which  has  only  one  program  variable  x  (i.e.,  n  =  I),  and  all 
the  occurrences  of  function  constants  in  AP  are  in  terms  of  the  form 
f°,f°,...,f°  and  fj(x),f2Cx),...,fJ(x)  (k,/^0). 

Then  WAp  Is  of  the  form  (x)M,  where  M  is  a  quantifier  free  wff 
and  all  the  occurrences  of  function  constants  in  M  are  in  terms  of  the 

form  f°’f2 . fk°  and  f!<x),f^(x),...,fj(x). 

Let  be  the  wff  (3w, ) . .  .  (3v^  )  (x)  <3z, ) . .  .  (3z  )M\  where  M1 
is  the  result  of  substituting  w. ,  i  =  l,2,...,k,  for  each  occurrence 
of  fi  in  M  and  substituting  z.,  i  =  1,2,...,/,  for  each  occurrence  of 
f j (x )  i.e.,  M1  contains  no  function  constants. 

WAP  is  satisfiable  if  and  only  If  WAp  is  satisfiable,  since  WAp  is 


the  functional  form  of  WJ 
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Let  WJJp  be  the  wff  (w  ). . .  <wk)<3x)<z| ) . . .  (z^)  [— M*  ],  i.e.,  W"p  is 
just  ~W^p.  Clearly,  WJ|p  is  valid  if  and  only  If  W^p  is  unsa+i sf lab le. 


Since  W”p  is  in  prenex  normal  form,  without  function  constants, 

and  with  prefix  of  the  form  V.  . . V3V. . . V,  it  follows  that  W^p  is  a 

member  of  But  the  validity  problem  for  the  class  is  decidable, 

so  it  Is  decidable  whether  W"  is  valid  or  not. 

AP 

Since  by  the  previous  assertions  W^Jp  is  valid  if  and  only  if  AP 
terminates,  this  implies  that  it  is  decidable  whether  AP  terminates  or 
not. 

q.e.d. 


Known  decision  procedures  for  solving  the  validity  problem  for 
the  class  W.  can  be  used,  together  with  Algorithm  I ,  as  a  decision 
procedure  for  solving  the  termination  problem  for  the  class  Cj .  For 
example,  we  can  use  Friedman's  semi -dec i si  on  procedure  for  the 
predicate  calculus  (see  Friedman  [1963]),  which  is  a  decision  procedure 
for  the  classes  W|,  W^,  and  Wy 

Note  that  the  abstract  program  AP*  of  sec.  2.1  belongs  to  the 
class  C^- 


CHAPTER  4:  EQUIVALENCE  OF  PROGRAMS  AND  ABSTRACT  PROGRAMS 


4.1  The  Algorithm  to  Construct  W^p  ^p, 

Definition  3 

Two  abstract  programs  AP  and  AP*  are  said  to  be  comparab I e  if 

1.  they  have  the  same  set  of  program  variables  x  =  (Xj,...,xn), 
and 

2.  they  have  the  same  set  of  input  variables  y  =  (y ( . #ym) . ^ 


In  this  section  we  shall  first  describe  an  algorithm  to  construct 
from  two  given  comparable  abstract  programs  AP  and  AP  a  wff  WAp  Apl 
(the  wff  of  AP  and  AP1 ) .  In  section  4.3  we  sha 1 1  state  results  about 
the  relation  between  AP,  AP1  and  W^p  ^p,. 


A I gor i thm  2 

Let  AP  and  AP1  be  any  two  compaiable  abstract  programs.  We  shall 
construct  the  wff  W^p  ^p,  in  four  steps: 


Note  that  any  two  abstract  programs  can  be  considered  as 
satisfying  condition  2,  for  if  the  two  abstract  programs  do  not  have 
the  same  sets  of  input  variables,  just  add  to  each  program  an 
appropriate  set  of  dummy  input  variables. 
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SlfigJ. 

Associate  with  every  vertex  v^  of  AP  a  predicate  variable  qj  [we 
shall  denote  by  qu  the  predicate  variable  associated  with  the  halt 
vertex  H  of  AP],  and  associate  with  every  vertex  vf  of  AP'  a  predicate 
variable  qj,  where  all  the  q.  and  the  qj  are  distinct. 

Let  a  =  (Vj,i,Vj)  be  any  arc  of  AP. 

In  step  I  we  have  associated  with  the  vertex  v^  the  predicate 

variable  qt,  and  with  the  vertex  v.  the  predicate  variable  q.. 

i  J  J 

We  shall  define  the  wff  (the  wff  of  the  arc  a)  as 

V  q^x)  A  tpQ  =>qj(ttf). 

But. 

if  v.  =  S  (i.e.,  v.  is  the  start  vertex  of  AP),  then  replace  the 

i  i 

occurrence  of  q((x)  in  by  T. 

Step  3 

Let  cr'  =  (vj,  Jt,vl)  be  any  arc  of  AP'. 

In  step  I  we  have  associated  with  the  vertex  vj  the  predicate 

variable  q.',  and  with  the  vertex  v1.  the  predicate  variable  q’.. 

i  J  J 

We  shall  define  the  wff  W  ,  (the  wff  of  the  arc  o')  as 

V5  qi(*)  A  V3  qj(V- 

But, 

I.  if  vj  =  S'  ( i .e. ,  v|  is  the  start  vertex  of  AP1),  then 
replace  the  occurrence  of  qj (x)  in  W^t  by  T,  and 
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2.  if  v j  =  H'  (l.e.,  vj  Is  the  halt  vertex  of  AP'),  then 

replace  the  occurrence  of  q!(t  ,)  in  W  ,  by  ~qai(t  . ) . 

J  o'  o  H  a 

Step  4 

Le+  “  1 **2’ '  •  ’  ,aN  be  +he  se+  of  8,1  arcs  of  AP,  and 

al’a2’--"aM  be  the  se+  of  aM  +he  arcs  of  AP'.  Then  define  WA„ 

AP,AP' 

as 


WAP,AP':  A  w„  A  ...  A  W  AW 


,  A  W  . 
a\  a2 


A  W  ]. 
“M 


(I) 


Examp  le 

Consider  the  abstract  program  AP** : 


where, 

a  -  individual  variable, 
f  -  monadic  function  constant, 
p  -  monadic  predicate  constant, 
y  -  input  variable, 
x  -  program  variable. 


Note  that  the  input  variables  of  AP  and  AP1 
inWAP,AP'* 


are  free  variables 
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WAP*,AP**:  (xH  f  T  A  ~p(y)  3  q,(a)] 

A  [  T  A  p  (y )  3  q3(y)  ] 

A  [q,  (x)  A  ~p,'x)  3  q2  (f  (x))] 

A  [ q j  (x)  A  p (x )  3  q3(x)] 

A  [q2(x)  A  p(x)  3q^(a)] 

A  [q-(x)  A  ~p(x)  3  q  (x )  ] 

r  H 

A  [q3(x)  A  ~p(x)  3  q  (f (x))] 

A  [q3(x)  A  p (x )  3  q  (X)  ] 

A  [  T  A  ~p(y>  a --p(a)  3~qH(f(a))] 

A  [  T  A  — p ( y )  A  p(a)  3~qH(a)] 

A  [  T  a  p(y )  3~qH(y)]}. 
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4.2  Equivalence  of  Programs 
Definition  4 

Let  AP  and  AP*  be  any  two  comparable  abstract  programs. 

Let  3  be  an  interpretation  that  contains  assignments  for  all  the 

constants  that  occur  in  AP  or  AP1. 

Then  the  programs  (AP,3)  and  (AP',3>  are  said  to  be  comparable. 


Definition  6 

Two  comparable  programs  (AP,3)  and  (AP',3)  are  said  to  be 
equivalent,  i f 

Vy,  yt(D  )m,  both  execution  sequences  <AP ,3, y>  and 

o  _  _ 

<AP\3,y>  are  finite  and  val  <AP,3»V>  =  va^ 


Theorem  3 

Two  comparable  programs  <AP,3>  and  (AP’,3)  are  equivalent, 
i  f  and  only  if 

(WAD  AD, ,3)  is  unsat i sf iab I e  [or  equivalently,  ^  WAP , AP 1 ^  'S 

r\r  p  nr 

valid]. 


Proof 

We  sha I  I  prove  that : 

yc(D  )m,  such  that  I.  <AP,3,Y>  is  infinite, 

v5  _ 

or  2.  <AP',3,v>  is  infinite, 

both  <AP,3,y>  and  <AP',3,y>  are  finite, 

and  val  <AP,3,y>  *  val  <AP’,3,Y>. 


or  3. 
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i f  and  only  If 

^AP,AP*  '3  ^  ls  sa^  i  sf  j  ab  I  e. 

(i)  => 

We  have  to  consider  three  cases: 

I.  If  the  execution  sequence  <AP ,3, y>  is  infinite,  then  (WAp  Ap,,3) 
is  satisfiable,  since  the  value  of  (WApApl,3,n  Is  T,  where  T  consists 
of  the  following  assignments: 

(a)  y  assigned  to  y, 

(b)  to  each  occurrence  of  q.  in  WAp  Apr  assign  the  minimal  valid 
predicate  of  v.  for  (AP,3,y),  and 

(c)  to  each  occurrence  of  q,1  in  WAp  Apr  assign  the  minimal  valid 
predicate  of  v.'  for  (AP',3,y). 

The  result  then  follows  from  the  construction  of  . 

AP,  AP ' 

(Algorithm  2).  Note  that,  si  nee  <AP,3,y>  is  infinite,  the  minimal 
valid  predicate  of  H  for  (AP,3,y)  is  F,  i.e.,  by  our  assignment 
qH  s  F,  and  therefore  e  T. 

2.  If  the  execution  sequence  <AP •  ,3,y>  is  infinite,  then  (WflD  AD,,3) 

AP, AP 1  w 

is  satisfiable,  since  the  value  of  (WAP)Apl  ,3,D  is  T,  where  T  consists 
of  the  following  assignments: 

(a)  y  assigned  to  y, 

(b)  to  each  occurrence  of  q.  [except  qR]  in  WAp  Ap,  assign  the 
minimal  valid  predicate  of  v.  for  (AP,3,y), 

(c)  to  each  occurrence  of  q!  in  WAp<Ap,  assign  the  minimal  valid 
predicate  of  v!  for  (AP',3,v),  and 

(d)  qH  h  j. 
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The  result  then  follows  from  the  construction  of  WAP,AP' 

(Algorithm  2).  Note  thet  ~qH  ■  F,  and  si  nee  <AP'  ,3/y>  Is  Infinite, 

F  Is  the  minimal  valid  predicate  of  H'  for  (AP',3,y). 

3.  If  both  the  execution  sequences  <AP ,3 ,y>  and<AP,,3,y>  are  finite 
and  val  <AP,3,Y>  t  val  <AP*,3»Y>  then  (WAp  ApM3)  Js  sat  i  sf lab  I e, si  nee 
the  value  of  (WAp  Apl,3,r)  is  T,  where  T  consists  of  the  following 
assignments: 

(a)  y  assigned  to  y, 

(b)  to  each  occurrence  of  q,  in  WAp  Ap,  assign  the  minimal  valid 
predicate  of  v.  for  (AP,3»Y),  and 

(c)  to  each  occurrence  of  qj  in  WAp  Ap)  assign  the  minimal  valid 
predicate  of  vj  for  (AP',3>Y)' 

The  result  then  follows  from  the  construction  of  WAP,AP' 

(Algorithm  2).  Note  that  we  assigned  to  qH  the  minimal  valid 
predicates  of  H  for  (AP^/Y)*  l.e.,  6(x)  =  T  If  and  only  If 
x  *  val  <AP,3,y>.  Now,  since  val  <AP,3,Y>  ^  val  <AP',3'Y>a  1  +  follows 
that  6  (val  <AP'^,v>)  =  F,  i.e.,~6  (val  <AP’  $  ,Y> )  =  T. 

(ii)  <= 

We  shall  prove  that  H  (WAp  ap,a3)  i  s  sati  sf  iab  le  wi  th  y",  Y«  (Qj  )m, 
assigned  to  y,  and  both  execution  sequences  <AP ,3  ,Y>  and<AP’,3»Y> 
are  finite,  then  val  <AP,3,Y>  #  val  <AP’,3,Y>. 

If  (WAp  arm3)  Is  sati  sf  iab  I  e  with  y  assigned  to  y,  it  means 
that  there  exist  an  assignment  T  such  that  (WAp  Ap 


,a3aF)  T,  where  T 
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consists  of  the  assignment  of  y  to  y  and  assignments  of  specified 

total  predicates  6.  and  6!  (mapping  (D-)n  into  lT,Fj)  for  q.  and 
1  *  0 

q?  respectively. 

By  the  construction  of  W^p  Apl  (Algorithm  2),  this  implies  that 
each  6j  is  a  valid  predicate  of  the  vertex  v.  for  (AP,3,y)» 
especially  6  is  a  valid  predicate  of  the  halt  vertex  H  for  (AP,g,y), 
and  therefore  6u(val  <AP,3,Y>)  =  T.  Moreover,  each  6.)  is  a  valid 

rl  I 

predicate  of  the  vertex  v!  for  (AP',3,Y),  and  is  a  valid  predicate 
of  the  halt  vertex  H'  for  (AP',3/Y),  and  therefore  ~6H(val  <AP',3»Y>)  =  T, 
i.e.,  6H(val  <AP',3,V»  =  F. 

But  since  6H<val  <AP,3,Y>)  =  T,  while  «H<val  <AP',3,Y»  =  F,  it 
follows  that  val  <AP,3,Y>  A  val  <AP',3,Y>. 

q.e. d. 
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4 . 3  Equ i va I ence  of  Abstract  Programs 
Def i n! tion  6 

Two  comparable  abstract  programs  AP  and  AP*  are  said  to  be 
equivalent  if  for  every  Interpretation  3  that  contains  assignments 
for  all  the  constants  that  occur  in  AP  or  AP',  the  programs  (AP,^) 
and  CAP 1 ,3 )  are  equivalent. 


Theorem  4 

Two  comparable  abstract  programs  AP  and  AP1  are  equivalent, 
i f  and  only  if 

WAP,AP'  is  unsatlsf 'able  [or  equivalently,  ~WAp  Api  is  valid]. 

Proof 

AP  and  AP'  are  equivalent, 
if  and  only  if  (by  Definition  6) 

for  every  i nterpretat ion  3,  the  programs  (AP,3)  and  (AP',3)  are 
equ i valent, 

if  and  only  if  (by  Theorem  3) 

for  every  interpretation  3,  CWAp  Ap,,3)  unsati sf iab le, 
i  f  and  only  if 

WAP,AP' 


i  s  unsati sf iab le. 
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Theorem  4  transforms  completely  the  equivalence  problem  of 
abstract  programs  to  an  equivalent  problem  in  logic.  So,  by  Theorem  4 
we  can  obtain  many  results  about  the  equivalence  problem  of  abstract 
programs,  just  by  applying  well-known  results  in  logic.  In  the 
remainder  of  this  section  we  shall  present  several  such  results. 


It  is  a  well-known  result  that 

the  equ  i  va I ence  prob I em  of  abstract  programs  i s  undec i dab  I e . 

That  is,  there  can  be  no  algorithm  which  takes  as  input  any  two 
comparable  abstract  programs  and  in  all  cases  stops  with  a  decision 
as  to  whether  the  abstract  programs  are  equivalent  or  not. 

This  result  follows  directly  from  the  undec i dab i I i ty  of  the 
termination  problem  of  abstract  programs  (see  sec.  3.4),  since  an 
abstract  program  terminates  if  and  only  if  it  is  equivalent  to 
i tse I f  . 


But,  by  Theorem  4  it  fol lows  that 
Coro  I larv  3 

the  equ  j  va  I  ence  prob I em  of  abstract  programs  i s  semi  -dec i dab  I e. 
That  is,  there  is  an  algorithm  (called  a  semi-decision  procedure), 
which  takes  as  input  any  two  comparable  abstract  programs,  and 

1.  if  they  are  equivalent,  the  algorithm  will  stop  and  say  so, 

2.  if  they  are  not  equivalent,  the  algorithm  will  never  stop. 
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Since  the  validity  problem  of  the  predicate  calculus  Is  semt- 
decidable,  Corollary  3  follows  directly  by  Theorem  4.  Moreover,  any 
known  semi -dec! si  on  procedure  for  solving  the  validity  problem  of  the 
predicate  calculus  can  be  used,  together  with  Algorithm  2,  as  a  seml- 
declslon  procedure  for  solving  the  equivalence  problem  of  abstract 
programs. 


Though  the  equivalence  problem  of  abstract  programs  is 
undecidable,  there  nevertheless  exist  subclasses  of  abstract  programs 
for  which  the  equivalence  problem  is  decidable. 


Coro  I larv  4 

The  equivalence  prob I em  for  the  fol  lowi nq  classes  j_s  dec i dab le : 

1.  Cj  =  IapIaP  is  an  abstract  program  without  function  constants 

f",  n  >  I J, 

2.  C2  =  lAplAP  is  an  abstract  program  which  has  only  one  program 

variable  x  (i.e.,  n  =  I),  and  all  the  occurrences  of 
function  constants  in  AP  are  In  terms  of  the  form 
f?  or  f !  (x)  J, 

3.  C^  =  lAPlAP  is  an  abstract  program  which  has  only  two  program 

variables  Xj  and  x 2  (i.e.,  n  =  2),  and  all  the 
occurrences  of  function  constants  in  AP  are  in  terms 
of  the  form  f?  or  f^(X|,x2) j. 
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That  is,  for  each  i,  I  <  i  <  3,  there  Is  an  algorithm  which  takes 
as  input  any  two  comparable  abstract  programs  AP,  AP'cCj,  and  in  all 
cases  stops  with  a  decision  as  to  whether  AP  and  AP*  are  equivalent  or 
not.  This  follows,  by  using  Theorem  4,  from  the  decidability  of  the 
validity  problem  for  the  class  W.  (sec.  1.2).*** 


Most  of  the  results  for  the  termination  problem  presented  in 
Chapter  3  are  special  cases  of  the  results  presented  in  this  chapter, 
especially  corollaries  I  and  2  follows  from  corollaries  3  and  4 
respectively,  since  every  abstract  program  AP  terminates  if  and  only 
If  it  is  equivalent  to  itself. 


See  the  proof  of  Corollary  2  in  sec.  3.4. 
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CHAPTER  5:  TERMINATION  OF  NON-DETERM  I  Nl  STIC  PROGRAMS 
A  NO  NON-DETERM  I N I  ST  I C  ABSTRACT  PROGRAMS 


5. I  Definitions 

A  non-determl ni Stic  abstract  program  Gp  i s  def I ned  exact ly  as  an 
abstract  program  (see  sec.  2.1),  but  without  restriction  4(b) ,  1.e.# 
without  the  restriction  that  for  every  vertex  v(v  A  H),  the  test 
predicates  on  all  the  arcs  leading  from  v  are  mutually  exclusive. 

This  Implies  that  the  class  of  a  I  I  the  non-determi ni st  ic  abstract 
programs  Includes  as  a  proper  subclass  the  class  of  all  the  abstract 
programs. 


The  notions  of  non-determi ni st i c  program  Cp,^)  and  non-determi ni stic 
i nterpreted  program  (GP ,y )  are  defined  exactly  as  for  abstract 
programs  (see  sections  2.2  and  2.3). 


Since  the  test  predicates  on  all  the  arcs  leading  from  vertex  2 
[i  .e. ,  ~p(x),  p(x),  and  ~p(x)  A  p(f (x)>],  are  not  mutual ly  exclusive 


Gp*  is  not  an  abstract  program. 

Let  3*  be  the  following  interpretation  of  6P*: 

D  is  I  (the  domain  of  the  integers), 
f  (x)  i  s  x  +  I , 
p (x )  Is  x  =  0,  and 
a  is  -2 . 

Then  the  non-determini stic  program  (Gp*,3*)  can  he  represented  by 
the  domain  D  =  I  and  the  diagram 


By  assigning  the  value  I  to  the  variable  y  of  Cp*,3*),  we  obtain 
the  non-determinl Stic  interpreted  program  CP* ,3*,  I): 


M  *  I  ■  L 


I  *  [  F I 


oe 

ArtW 

j^J! 

1*  -2 


* 


% 

x  \ 

it# 

Os\ 

Jx  *■  x  *  J 


In  a  non-determlnlstic  interpreted  program  GP^J/y)  there  may 
exist  a  vertex  v  and  two  distinct  arcs  or  ^  and  leading  from  v,  such 
that  control  may  reach  vertex  v  with  x  =  f,  fe(Qj)n,  while  both 
=  T  and  <p  (?)  =  T.(l) 


cpa^(5)  and  <p^  (5)  stand  for  the  result  of  substituting  5  for  y 


i n  m  and  cp  respectively. 
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It  follows  that  In  general  a  non-determl nl stlc  interpreted 
program  (GP,3,y)  does  no+  define  a  unique  execution  sequence 
<£P#3'Y>  as  tor  Interpreted  programs  (see  sec.  2.3),  but  a  set 
t<fiP>^,V>i  of  execution  sequences. 


ExaffiP.IS 

The  interpreted  program  (GP*,3*J)  defines  two  execution 
sequences : 

(1,1, -2)  (3, 2,-1)  (7, H,- I ) ,  and 

(I, 1,-2)  (3, 2,-1)  (5, 3, -2)  (8, 3,-1)  (8,3,0)  (9,H,0). 


Let  (GP,3,y)  be  a  non-determ i ni st ic  Interpreted  program,  and 
de  any  fixed  execution  sequence  of  l<£Lp,3,Y>j. 

Let  vcV  be  any  vertex  of  Gp,  and  6  be  a  specified  total  predicate 
from  <D^)n  into  |.T,F j. 

Then, 

1 .  6  i  s  ca  I  I ed  a  valid  predicate  of  ^  for  *^P/3fV>/ 

If 

V?,  *?c(0-)n:  j_f  for  some  XcL,  there  exists  a  triple  of  the 
o 

form  (X,v,5)  In  <£^,3*^'  then  6(5)  =  T. 

2.  6  is  ca  I  led  the  m  in  ima  I  va  I  id  pred  icate  of  v  for  <Gp,3,y> 
if 

V?,  6(f)  =  T  if  and  only  If  for  some  IcL,  there 

v5 

exists  a  triple  of  the  form  (Z,v,£)  in  <dGP,3,Y>* 
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5.2  leak  Termination 


Let  Gp  be  any  abstract 
Gp  by  applying  Algorithm  I 


program,  and 
(see  sec.  3.1). 


be 


the  wff  obtained  from 


Definition  7 

A  non-determi nl sti c  program  (Gp,g)  Is  said  to  terminate  weakly.  If 
Vy,  yc(D^)m,  there  exists  at  least  one  finite  execution  sequence 
in  l<GP,3,y>J. 


The  proof  of  the  following  theorem  Is  similar  to  the  proof  of 
Theorem  1  in  sec.  3.2. 

Theorem  5 

The  non-determi ni Stic  program  (Gp,3>  terminates  weakly, 
if  and  only  If 

%p'^*  unsati sfiable  [or  equivalently,  (~Vkp,3)  Is  valid]. 


Definition  8 

A  non-determi  ni  stic  abstract  program  Gp  is  said  to  terminate 
weakly  if 

for  every  i  nterpretation  3,  the  program  (Gp,3>  terminates  weakly. 
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The  proof  of  the  foi  lowing  theorem  follows  from  Theorem  5  and 
Definition  8  (see  the  proof  of  Theorem  2  in  sec.  3.3). 

,Ih99C3flL6 

The  non-determinl stlc  abstract  program  Gp  terminates  weakly, 

I f  and  only  If 

is  unsat  I  sf  lab  I  e  [or  equivalently,  Is  valid]. 
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5.3  The  Algorithm  to  Construct 

In  this  section  we  shall  describe  an  algorithm  to  construct  from 
a  given  abstract  program  Gp  a  wff  llj^.  In  the  next  section  we  shal  I 
state  results  about  the  relation  between  Gp  and  U^. 


Algorithm  3 

Let  Gp  be  any  non-determ I ni stlc  abstract  program  with  program 
variables  x  =  (X| ,x2# . . . *xn),  n  >  I,  and  input  variables  y  =  (y j ,y2# • • • #Y, 
m  ^  0.  We  shal  I  construct  the  wff  in  three  steps: 

§t?P  1 

Associate  with  every  vertex  v^  of  Gp  a  predicate  variable  qj , 
where  the  q^s  are  distinct  n-adic  predicate  variables. 

StftP  l 

Let  Vj  be  any  vertex  of  Gp  (v.  t  H). 

Let  0f(,cr2,...,crN  be  the  set  of  all  the  arcs  leading  from  v?  to 
v.  ,v.  ; .  i , |V.  respectively.  In  step  I  we  have  associated  with  the 

*1  2  ‘n 

vertex  Vj  the  predicate  variable  q(  and  with  the  vertex  v^  ,  I  <  j  <  N, 

the  predicate  variable  q,  . 

‘j 

We  shall  define  the  wff  W  (the  wff  of  the  vertex  v.)  as 

vi 

V  V**  c^j  Aq'j  (V] 

an. 
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t,  | f  V|  ■  S  (1 .6. ,  V|  Is  the  start  vertex  of  Gp),  then  replace 

the  occurrence  of  q,(x)  In  W  by  T,  and 
1  vl 

2  If  v  -  H  (l.e.,  v.  Is  the  halt  vertex  of  Gp),  replace  the 

'j  Jj 

occurrence  of  q,  (t  )  In  W  by  F . 

'j  ' 


?tw,  i 

Let  v,,v_,...,vu  be  the  set  of  all  the  vertices  of  GP  (except  H), 
I  2  M 

then  def  I  ne  as 


Ubp: 


<x)[W„  A  W  A  ...  A  W  ] 


(I) 


'Note  that  the  input  variables  y  are  free  variables  In  Ujjp. 


[Jul'J 


The  wff  of  the  non-determ!  nl  stlc  abstract  program  up*  of 

sec.  5.1  will  be  constructed  as  follows: 


T  3  l[~p(y)  A  q,  (a) ]  V  [p(y)  A  q3<y>]J 
q^x)  3  it~p(x)  A  q2<f(x>)]  V  [p<x)  A  q3<x)]} 

W  :  q2(x)  =>  l[~p(x)  A  p(t(x>»  A  q3(a)]  V  [p(x)  a  q3<a)l  V  [~p(x)  A  F]J 
W3:  q3(x)  3  U~p<x>  A  q3(f(x))]  V  [p(x)  A  F]|. 


Then  by  step  3  it  follows  that 


is  <x)[W-  A  W.  A  W,  A  W  ]. 
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5.4  Strong  Terml nation  of  Non-Determ I nistlc  Programs 


Definition  .3 

A  non-determ I n I st I c  program  <GP,3)  Is  said  to  terminate  strong, U 


If 


Vy,  y«(D  )m,  all  the  execution  sequences  In  (<CP,3,^}  are  finite. 

3 


Theorem  7 

The  non-determ  1  nistlc  program  (Gp,3>  terminates  strongly 
If  and  only  If 

<Ub<’,3>  ,S  unsat,stloble  I°r  adulvolent^,  ls  valid]. 


Proof 

We  shall  prove  that  <C<\3)  does  not  terminate  strongly  If  and 
only  If  18  satlsf lable. 

I.  (Gp,3>  does  not  terminate  strongly*  ls  satlsf  lable. 

If  (Cp,3>  does  not  terminate  strongly,  there  exists  a 
y,  y«(D  )m,  and  an  execution  sequence  4JP,3,y>.  «CP.3*Y>*l<^<5»3'V>J» 

3 

which  Is  Infinite. 

Let  us  assign  to  each  predicate  variable  q,  In  U^p,  the  minimal 
valid  predicate  of  the  vertex  v,  for  the  execution  sequence  <CP,3,V>. 

Note  that  since  the  execution  sequence  <£P,3»Y>  Is  infinite,  l.e., 
control  never  reaches  the  halt  vertex.  It  follows  that  the  predicate  F 
Is  the  minimal  valid  predicate  of  the  vertex  H  for  «CP,3#Y>* 

Let  r  consists  of  the  above  assignments  for  the  q^s  and  with  Y 
assigned  to  y.  Following  the  construction  of  1^,  (see  sec.  5.3, 
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•specially  note  the  V  connective  used  In  step  2),  It  Is  clear  that  the 
value  of  (U^,3,r)  Is  T,  l.e.,  (^,3)  Is  satlsflable.  This  completes 
the  proof  In  one  direction. 

2.  satlsflable  *  (GP,3)  does  not  terminate  strongly. 

I f  fl^p#3)  *s  satlsflable,  there  exist  an  assignment  T  for 

such  that  the  value  Is  T.  T  consists  of  assignments 

of  specified  total  predicates  6},  mapping  (tyn  Into  {T,Fj,  for  the 
predicate  variables  q^ ,  and  an  assignment  y,  Y«(Cym#  for  the  free 
variables  y. 

By  the  construction  of  this  Implies  that  each  6(  Is  a  valid 
predicate  of  the  vertex  v{  for  some  execution  sequence  <^#3'^# 
<^P/3»V>sl<Cf>#3'V>}#  and  therefore  thaf  F  Is  a  valid  predicate  of  the 
halt  vertex  for  «CP#3'Y>. 

This  implies  that  the  execution  sequence  <GP ,3 ,y>  is  infinite 
(l.e.,  execution  does  not  reach  the  halt  vertex).  So,  (PP,3)  does  not 
terminate  strongly. 


q.e.d. 
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The  above  result  can  be  used  to  prove  the  convergence  of 
recursively  defined  functions. 

Let  us  consider,  for  example,  the  functions  F((x)  and  F2(x) 
defined  recursively  by  the  following  Algol  conditional  statements: 

F |  (x)  •  JX  x  ■  0  then  1 

else  ]f  x  >  0  then  2  *  F|  <x-l ) 

else  F2<-x)  #  F|(x+I); 


f2<x)  -  it  x  »  o  itaa  2 

else  Ji.  x  <  0  then  3  *  F2<x+2)  +  7 
else  lFj(l-x)J2. 

Suppose  that  we  want  to  prove  that  for  every  Integer  x,  the 
recursive  process  of  computing  F|<x)  and  F2(x)  terminates.  We  can  use 
Theorem  7,  since: 

for  every  integer  x,  the  recursive  process  for  computing  F|(x) 
and  F2<x)  terminates, 
if  and  only  If 

the  following  non-determ  In  I  st  I c  program  (over  I)  terminates 
strongly. 


5.5  Strong  Termi nation  of  Non-Deterroi  ni Stic  Abstract  Programs 


Definition  10 

A  non-determlni  stlc  abstract  program  Gp  is  said  to  terminate 
strongly ,  If  for  every  Interpretation  3#  the  non-determ i ni st 1c  program 
CP ,3*  terminates  strongly. 


The  following  theorem  follows  from  Theorem  7  and  Definition  10. 
Theorem  8 

A  non- deter  ml  nl  stlc  abstract  program  GP  terminates  strongly 
I f  and  only  If 

Xp  ls  unsat  I  sf  iab  le  [or  equivalently,  Is  valid]. 

Proof 

GP  terminates  strongly, 

If  and  only  If  (follows  by  Definition  10) 

for  every  Interpretation  3#  the  non-determ  i  ni  st  ic  program  <Gp,3) 
terminates  strongly. 

If  and  only  If  (follows  by  Theorem  7) 

for  every  I  nterpretatlon  3,  Is  unsat  i  sf  iab  le, 

I f  and  only  if 

i s  unsati sf labie. 
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Theorem  8  Is  a  generalization  of  Theorem  2  of  sec.  3.3.  Moreover , 
all  the  results  presented  In  sec.  3.4  (Corollaries  I  and  2)  can  also 
be  generalized  for  the  strong  termination  of  non-determlnl Stic  abstract 
programs. 
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PART  II 


Introduction 

Since  Part  I  and  Part  II  of  the  thesis  ore  Intended  to  be  self- 
contained  units,  the  background  Information  necessary  to  understand 
Part  II  Is  entirely  contained  In  this  part. 

An  Interpreted  graph  IG  consists  of  a  finite  directed  graph,  and 

1,  With  each  vertex  v,  there  is  associated  a  domain  Dy,  and 

2,  With  each  arc  a  leading  from  vertex  v  to  vertex  v1,  there  are 
associated  a  total  test  predicate  PQ  (Dy  -►  lT,Fj),  and  a  total 
function  ffl  (Dy  A 

Let  us  represent  by  a  state  vector  x  the  current  values  of  the 
variables  during  an  execution  of  an  Interpreted  graph  IG,  An 
execution  sequence  of  IG  may  start  from  any  vertex  v  with  any 
Initial  state  vector  x^cD^,  The  domain  Is  the  set  of  all 
possible  state  vectors  at  vertex  v,  Pfl  represents  the  condition  that 
arc  a  may  be  entered  from  Its  origin,  and  fQ  represents  the  operation 
of  changing  the  state  vector  x  to  ffl(x)  when  control  moves  along 
arc  a,  in  general,  the  flow  of  control  through  an  Interpreted  graph 
Is  a  non-determ i n I st I c  process,  l.e.,  more  than  one  arc  may  be 
entered  from  a  given  vertex  with  a  given  state  vector.  Execution 
will  halt  on  vertex  v*  with  state  vector  x,  if  and  only  If  no  predicate 
on  any  arc  leading  from  v  Is  true  for  x. 
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An  Interpreted  graph  terminates  If  and  only  If  all  the  execution 
sequences  of  IG  terminate. 

In  this  part,  two  necessary  and  sufficient  conditions  for  the 
termination  of  Interpreted  graphs  are  described.  The  first  condition 
(Theorem  I)  Is  defined  by  means  of  well-ordered  sets  and  the  properties 
of  the  cycles  of  the  graph,  while  the  second  condition  (Theorem  2)  Is 
defined  by  means  of  the  strongly  connected  components  of  the  graph. 

Floyd  [ 1 967 ]  has  discussed  the  use  of  well-ordered  sets  for 
proving  the  termination  of  programs. 

These  results  have  applications  In  proving  termination  of  various 
classes  of  algorithms,  such  as  deterministic  and  non-determ  In  1st  l  c 
programs  and  recursively  defined  functions. 
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CHAPTER  Is  MATHEMATICAL  BACKGROUND 

* • *  We  I l-Ordered  Sets 

A  pair  (S,  >)  Is  cal  led  an  ordered  provided  that  S  Is  a  set 
and  >  Is  a  r  jlatlon  defined  for  every  pair  of  distinct  elements  a 
and  b  of  S  (and  only  between  distinct  elements),  and  satisfies  the 
following  two  conditions: 

1.  If  a  t  b,  then  either  a  >  b  or  b  >  a; 

2.  If  a  >  b  and  b  >  c,  then  a  >  c  (l.e.,  the  relation  Is 
transitive). 

A  we  1  l-ordered  set  W  Is  an  ordered  set  (S,  >)  In  which  every 
non-empty  subset  has  a  first  element;  equivalently.  In  which  every 
decreasing  sequence  of  elements  a  >  b  >  c  ...  has  only  finitely  many 
elements. 

Examples: 

1.  l|+~  the  se***  of  all  non-negative  Integers  well-ordered  by 
Its  natural  order,  l.e.,  {0,  I,  2,  3,  ...J. 

2.  I  +  -  the  set  of  all  n-tuples  of  non-negative  integers  for 

n 

some  fixed  n,  n^  I,  well-ordered  by  the  usual  lexicographic 
order,  l.e,, 

<a,,a2,...,an)  >  (b,  ,t>2,. . .  ,bn> 

If  and  only  If 

a,  =  b,,  a0  *»  bof...,a,  =  b.  , »  aL  >  b.  for  some  k,  I  £  k  ^  n. 

|  12  2  k—  I  K—  I  K  K 
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3.  I.  -  the  s.t  of  all  Infinite  monotone  non- Increasing  sequences 
of  non-negative  Integers  with  finitely  many  non-zero 
entitles0’  well-ordered  by  the  usual  lexicographic  order, 

I  •  ®  e  9 

If  and  only  If 

®l  *  bl'  °2  *  b2',,,,ak-l  "  bk-l’  °k  >  bk  for  so'ne  k*  •  £  k. 


1.2  D I recteq  Graphs 

A  directed  .graph  G  (graph,  for  short)  Is  an  ordered  triple  <V,L,A> 
where : 

1.  V  Is  a  non-empty  set  of  elements  called  the  vertices  of  G; 

2.  L  Is  a  non-empty  set  of  elements  called  the  labels  of  G;  and 

3.  A  Is  a  set  of  ordered  triples  (v,i,v»),  where  v«V,  v'eV  and 
i«L.  These  triples  are  called  the  arcs  of  G. 

If  V  and  L  are  finite  sets,  G  is  called  a  finite  directed  graph. 


.  !,e?;  Infinite  sequence  (a.,a_,a,,...)  Is  In  the  set  If 

and  only  If  3 1,  |  ^  s.t.  1  2  3 

Vl(l  <  /);  Is  a  positive  Integer  and  8|  ^  aj+|*  and 

VICI  i  A):  a,  =  0. 

For  example,  (5, 5, 4, 3, 3, 3, i,  1 ,0,0, . . . )  is  an  element  in  this  set. 
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l*t  8  “  *>•  ®n  arc  of  a  directed  graph.  Than  we  dafina: 

1.  v  -  tha  Initial  vartax  of  tha  arc, 

2.  1  -  tha  labal  of  tha  arc, 

3.  v'  -  tha  tormina  I  vartax  of  tha  arc. 

^nd  wa  she  1 1  say  that  tha  arc  a  leads  from  tha  vartax  v  ift  tha 
vartax  v'. 


Lat  v  ba  a  vertex  of  a  directed  graph.  Then, 

1.  The  number  (finite  or  Infinite)  of  all  arcs  a«A,  s.t.  v  Is 

the  Initial  vertex  of  a.  Is  called  the  out-degree  of  v. 

2.  The  number  (finite  or  Infinite)  of  all  arcs  atA,  s.t.  v  Is 

the  terminal  vertex  of  a,  is  called  the  In-degree  of  v. 


A  .f.ln|te  j>ath  Cf  a  graph  G  (gath,  for  short)  Is  a  finite  sequence 
of  n,  n  *  I,  arcs  of  G 


(v. 


V'  (v 


V' 


(vt 


n+l 


[notation: 


v, 


v, 


V, 


n+l 


Da 


s.t.  the  terminal  vertex  of  each  arc  coincides  with  the  Initial  vertex 
of  the  succeeding  arc. 

We  say  that: 

I.  The  path  mgati  the  vertices  v  ,  v  . v  ,  and  these 

I  2  n+l 


vertices  are  £&  the  path. 
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2.  The  path  Joins  the  vertices  v.  and  v,  . 

I  n+| 

3.  The  path  Is  elementary  If  the  vertices  v.  ,  v.  ,...,vt 

*1  2  n+l 

are  distinct. 

4.  The  path  Is  a  cycle  If  the  vertex  v.  coincides  with  the 

'i 

vertex  v^  further  It  Is  an  elementary  cycle  If  In 

addition  the  vertices  v.  ,  v.  ,...,v,  are  distinct. 

1 1  *2  'n 

An  Inf  I n I te  path  of  a  graph  G  Is  an  Infinite  sequence  of  arcs  of 
G  s.t,  the  terminal  vertex  of  each  arc  coincides  with  the  Initial 
vertex  of  the  succeeding  arc.  A  subpath  of  an  infinite  path  Is  a 
oonsecut Ive  subsequence  (finite  or  Infinite)  of  Its  arcs. 

We  define  a  of  a  graph  G  as  a  set  of  vertices  having  the 

property  that  every  cycle  meets  at  least  one  vertex  of  the  set. 

A  graph  G  Is  sold  to  be  strongly  connected  If  there  is  a  path 
joining  any  ordered  pair  of  distinct  vertices  of  G. 

Let  G  be  a  graph  <V,L,A>.  We  define  a  subgraph  G|  *  <V|,L,Aj> 
of  G  as  the  triple  consisting  of  V(,  L  and  A|#  where  V(  Is  a  subset 
of  V  and  AJ  Is  defined  by  A(  •  A  A  (V(  x  L  x  V(). 

A  subgraph  Gj  *  <V|,L,Aj>  of  G  Is  said  to  be  a  strongly  connected 
component  of  G  !ff 

1.  G|  Is  strongly  connected,  and 

2.  For  all  subsets  V2  £  V  s.t.  V2  A  V(  and  the  subgraph 

*  <V2,L,A2>  is  not  strongly  connected. 
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A  tree  T  ■  <V,L,A#r>  is  a  directed  graph  <V,L,A>  with  a 
distinguished  root  rcV,  s.t.  for  every  veV  (v  t  r),  there  is  at  least 
one  path  from  r  to  v. 

We  shall  use  the  following  version  of  Ktfnlg's  Infinity  Lemma: 

A  tree  with  no  Inf  in  ite  paths  and  with  finite  out-degree  for 
every  vertex  -  I  s  finite . 


BLANK  PAGE 
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CHAPTER  2:  DEFINITIONS 


An  interpreted  graph  IG  consists  of  a  finite  directed  graph 
<V,L,A>,  and 

1.  With  each  vertex  vcV,  there  is  associated  a  domain  Dv#  and 

2.  With  each  arc  a  =  (v^vMcA,  there  Is  associated  a  total 
test  predicate  (D^  -►  {T,Fj),  and  a  total  function 


Let  <v(o),x(o))  c  V  x  D  ^  be  an  arb itrary  vector  of  an 
interpreted  graph  IG. 

An  (v(Q)  .x(0) )  -  execution- sequence  of  IG  is  a  (finite  or 
Infinite)  sequence  of  the  form 


(v(o)>x(o))  (v(l)  (I),  illi  (v(2)  (2,} 


where, 

1 .  v^cV,  X^^cL  and  x^cD  ,  for  all  j  ^  0. 

v 

2.  If  (v^,x^)  ^  — >  (v(J  +  l),x(Jfl))  is  in  the  sequence,  then 

there  exists  an  arc  a  =  (v * ^  ,X^ *  ,v^  +  ^ ) cA  s.t.  P  x^*  = 

a 

True  and  t  x(j>  =  x(j+l). 
a 

3.  If  the  sequence  is  finite  and  the  last  vector  in  the  sequence 

is  (v(n),x(n)),  then  for  all  arcs  aeA  leading  from  v*n^: 

P  x(n)  =  Fa Ise. 
a 
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By  the  definition  of  Interpreted  graphs,  there  may  exist  In  an 

Interpreted  graph  IG:  a  vertex  v«V,  a  state  vector  x«Dy,  and  two 

distinct  arcs  a,bcA  leading  from  v  -  s.t.  both  Pflx  *  True  and 

P  x  *  True,  l.e.,  the  predicates  on  all  arcs  leading  from  the 
b 

vertex  v  are  not  necessarily  mutually  exclusive.  It  follows,  that 
for  the  fixed  vector  <v(o),x(o))  c  V  x  0  (q),  there  may  exist  many 
distinct  (v(0),x(0))  -  execution  sequences  of  IG.  For  this  reason, 
the  execution  process  of  an  Interpreted  graph,  starting  with  the 
vector  <v(o),x(o)),  Is  described  by  a  tree. 

The  execution  tree  T(v^°^.x^)  Is  the  tree  <V9fL» A1,  (v  ,x  )>, 
where, 

1.  The  set  of  vertices  V1  Is  the  set  of  all  vectors  (v,x)  «  V  x  Dy 
s.t.  there  exists  an  (v(o),x(o))  -  execution  sequence  of  IG 
that  contains  the  vector  (v,x). 

2.  L  Is  +he  set  of  labels  of  IG. 

3.  The  set  of  arcs  A*  Is  the  set  of  all  triples  ((v,x) ,i, (v*,y) ) 
c  V*  x  L  x  V1  s.t.  there  exists  an  (v(o),x*o))  -  execution 
sequence  of  IG  that  contains  (v,x)  ^(v',y). 

4.  (v(o),x(o))cV'  is  the  root-vertex  of  the  tree. 
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£x»"Pl« 

Consider  the  Interpreted  graph  If* 


ut 


(where  I  Is  the  set  of  the  Integers). 

There  are  three  (1,-4)  -  execution  sequences  In  IG*,  l.e., 
three  execution  sequences  that  start  from  the  vertex  I  with  x  *  -4, 

(I)  (1,-4)  l  (2,-2)  l  (2,0), 

(il)  (1,-4)  \  (2,4)  1  (1,-3)  l  (2,-1)  l  (2,1)  i  (1,0),  and 

(III)  (1,-4)  l  (2,4)  1  (1,-3)  i  (2,3)  i  (1,-2)  *  (2,2)  1  (1,-1)  l  (2,1)  1  (1,0). 


The  execution  tree  T(l,-4)  of  IGP  Is: 
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CHAPTER  3s  TERMINATION  OF  INTERPRETED  GRAPHS 
3.  |  Termination  of  Interpreted  Graphs  (Theorem  U 

Definition 

An  Interpreted  graph  Is  said  to  1 f  a  1 1  l+s  execution 

sequences  are  finite  • 


Notations 

Let  ot  s  (a  j  #82*  •  •  •  # 

|  ^  j  <  q,  be  any  path  of  an 

1,  f  x  stand  for  f  (. 

% 

2,  P  x  stand  for 

or 

x«D  (|)  A  P  XA  Pa 
V  I 


where  o.  =  (v(j),A(j),v(j+l))cA  for 
Interpreted  graph.  Then  let 

..(f  (f  x))...),  and 
a2  °l 


(f  x)  A  P  (f  (f  x))  A  ... 


2  “I 


a3  a2  a, 


(...(f  (fa  x))...))  A  fax»D  (q+h. 


a2  °l 


Lemma 

_^f  an  Interpreted  graph  IG  terminates, 

then  there  exists  for  every  vertex  v*V  a  total  function  Fv 
which  maps  Dy  Into  I,+,  such  that  for  every  arc  a  =  <v,i,v')  of  IG  and 
for  every  x  s,  +  .  P  x  =  True: 

V*)  >  Fv.tfa(x>). 

'|.e.,  V(v,x) ,  (v,x)*V  x  Dy,  all  the  (v,x)  -  execution  sequences 
are  finite. 
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Erooi 

Assuming  that  IG  terminates,  we  have  to  specify  Fy(x)  for  arbitrary 

vcV  and  x«D  . 

v 

Since  IG  terminates,  we  know  that  the  execution  tree  T(v,x)  has 
no  Infinite  paths.  Moreover ,  since  every  vertex  of  T(v,x)  has  a 
finite  out-degree  It  follows  by  Konlg's  Lemma  that  T(v,x)  Is  finite, 

l.e,,  has  finitely  many  vertices. 

So,  let  Fy(x)  be  the  number  of  vertices  In  T(v,x), 

Now,  It  Is  easy  to  verify  that  for  this  choice  of  Fy  the  condition 
is  satisfied. 

q.e.d. 


Theorem  I 

An  Interpreted  graph  IG  terminates  I f  and  only  jj  there  exist: 

1.  A  cut  set  V*  of  the  vertices  V  of  IG,  and 

2.  For  every  vertex  v«V#,  a  well-ordered  set  W  =  (S  ,  >  )  and 

V  V  V 

a  total  function  F  which  maps  0  Into  S  , 

V  V  v 

such  that, 

3.  For  every  cycle  a  of  IG: 
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V(l)  ill!  v(2>  i!fj  v<3>  v(q-l)  v(q)  il!!  V<D 

(where  v(l)*V*  and  v<k>  t  v(l)  for  all  I  <  k  ^  q),  and  for 
every  x  s.t.  P^x  =  True: 


F 

v 


(I) 


(x) 


(I) 


(f  x) . 
o i 


Proof 

m  Necessary  condition  for  termination. 

Follows  directly  from  the  lemma  (with  V*  =  V  and  =  1 +  for 
every  v,  vcV). 

m  Suf f i c i ent  cond i t ion  for  term i nat i on . 

Proof  by  contradiction. 

Let  us  assume  that  IG  does  not  terminate,  i.e.,  there  exists  an 
infinite  execution  sequence  y  in  IG, 

Y:  (v(o).x(o))  (v(l),x(l))  ill!  (v(2)  x(2)) 

*  '  '  '  9 

Let  y'  he  the  infinite  path 


y  1 :  v 


.  „(0)  yd)  AH!  V(2)  ^ 


.(I) 


(2) 


Since  IG,  by  definition,  consists  of  a  finite  directed  graph, 
and  since  y'  is  an  infinite  sequence  -  it  follows,  that  there  exists 
at  least  one  elementary  cycle  B  in  IG,  that  occurs  (as  a  subpath) 

Inf  i  n  i  te  I  v  many  times  in  y*. 
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Since  V*  I  s  a  cut  set,  it  follows  that  there  exists  a  vertex 
v*tV*  that  i  s  on  0.  This  implies  that  v*  must  occur  Infinitely  many 
times  i n  Y 1 . 

(n^)  (n2)  (n,) 

Let  v  ,v  ,v  f . . .  (0  <  nj  <  n^+}  for  j  ^  I ) ,  be  the 
infinite  sequence  of  all  occurrences  of  the  vertex  v*  in  y'. 
Therefore,  the  infinite  execution  sequence  y  can  be  written  as 


,  .(o)  <n.)  (n.)  /V 

V :  (v(o\x(o))  i—  ...  (v  1  ,x  1  )  * - * 


(n  )  (n,)  #<n2)  (n.)  (n,)  /V 

(v  2  ,x  2  )  i - ►  ...  (v  3  ,x  3)  - - ► 


Then,  by  condition  (3)  it  follows  that 

(n.)  (n?)  (n*) 

Fv*(x  5  V  Fv*(x  »  V  Fv*(x  >  yv*  •••  • 

i.e.,  there  i  s  an  infinite  decreasing  sequence  in  W^.  But  this 
contradicts  the  fact  that  W  -  Is  a  well-ordered  set. 

Y* 

q.e.d. 


The  following  corollaries  follow  directly  from  the  lemma  and 


Theorem  I . 
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Coro  I  I  ary  I 

An  interpreted  graph  IG,  which  has  a  vertex  v*  common  to  all 
Its  (elementary)  cycles,  terminates 
i f  and  only  i  f 

there  exist  a  well-ordered  set  W  =  (S,  >)  and  a  total  function  F 
which  maps  D^#  into  S,  such  that  for  every  elementary  cycle 

or:  V  +  ...  +  v*  and  for  every  x  s.t.  P  x  «*  True: 

Of 

F(x)  >  F ( f  (x)>. 


Coro  I  I  ary  2 

An  interpreted  graph  IG  terminates 
i f  and  only  i  f 
there  exist: 

1.  A  cut  set  V*  of  the  vertices  V  of  IG, 

2.  A  well-ordered  set  W  =  (S,  >),  and 

2.  For  every  vertex  vfV*,  a  total  function  F  that  maps  D 

v  v 

into  S, 

such  that 

4.  For  every  elementary  path  a  of  IG: 


v 


(I) 


v(q-l>  - -  v(q> 


(where  v 


(I) 


v(q)*V*  and  v(^V*  for  all 


1  <  J  <  q) , 


08 


and  for  every  x  s.t.  P^fx)  =  True: 

FVCI)(X>  *  F  <q)(VX))- 

V  V 


3.2  Termination  of  Interpreted  Graphs  ( Theorem  2) 

Let  IG  be  on  interpreted  graph  constructed  from  the  finite 
directed  graph  G. 

Then  a  strongly  connected  component  IG^_  of  IG  consi  sts  of  a 
strongly  connected  component  G1  =  <V\L,A'>  of  G,  and  in  addition, 

'•  Wl+h  each  vertex  vcv',  there  is  associated  the  domain  0 

V 

Of  IG,  and 

2.  With  each  arc  a«A\  there  are  associated  the  test-predicate 
pa  and  the  function  f  of  IG. 


Theorem  ? 


An  interpreted  graph  IG  terminates 
i  f  and  on  I v  j  f 

all  its  strongly  connected  components  terminate. 


22i 

*  Necessary  Condition  for  Termination 

Follows  directly  from  the  definition  of  termination  of 


interpreted  graphs. 
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*  i9i?nt  Condition  for  Termination 
Proof  by  Contradiction. 

Let*s  assume  that  IG  does  not  terminate,  i.e.,  there  exists  an 
j  nf  I  ni  te  execution  sequence  y  in  IG, 


y:  <v(o),x<o)>  ill!  <v(' Vh  li!i 

Let  y  '  be  the  infinite  path 


(v‘2V2>> 


(o) 


(o) 


(  I  )  i 


(!) 


(2)  i 


(2) 


Since  IG,  by  definition,  consists  of  a  finite  directed  graph 
G  -  It  follows  that  IG  contains  finitely  many  vertices.  So  clearly, 
there  are  only  finitely  many  vertices  of  G  that  meet  y 1  only  a  finite 
number  of  times.  Let  v  ,v  2,...,v  «>  (0  <  n .  <  nj+ (  f  or 

*  >  be  the  list  of  their  occurrences  Iny'. 

It  follows  that  all  the  vertices  v(j)  ( j  >  n  )  of  y ' ,  are  in 
some  strongly  connected  component  G*  of  G. 

This  implies  that  there  exists  a  strongly  connected  component 
IG'  of  IG,  s.t.  the  _j_nf  i  ni  te  subsequence  of  y: 


(n~2  • )  (n  _) 


(v(V',.x(v*),  Lll  (v(w.(V2>  <V2 


is  an  infinite  execution  sequence  ol  IG1,  i.e.,  IG1  does  not  terminate. 
Contrad i ct  i  on . 


q.e.d 
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CHAPTER  4:  APPLICATIONS 

The  results  of  Chapter  3  can  be  used  for  proving  termination  of 
various  classes  of  algorithms.  In  this  section  we  shall  illustrate 
the  use  of  those  results  for  proving  termination  of: 

1 .  Programs,  and 

2.  Recursively  defined  functions. 


In  the  first  example,  we  shall  use  the  notion  of  valid 
j  nterpretation.  Roughly  speaking,  a  valid  interpretation  of  a  flow¬ 
chart  is  a  mapping  of  its  test-boxes  to  propositions,  such  that,  if 
the  test-box  0  is  mapped  to  the  proposition  q,  and  if  the  flow  of 
control  through  the  flowchart  can  reach  the  test-box  B  with  5  as  the 
value  of  the  state  vector,  then  q(5)  =  True  (see  Floyd  [1967]). 


4. 1  Example  I  : 

Consider  the  program  (Figure  I)  for  evaluating  a  determinant 
la.jl  of  order  n,  n  ^  I,  by  Gausian  elimination.  Where, 


D 

(a.  .) .  .  . 

1  J  I  <  1  ,  J  <  n 

i , 

n 


real  variable, 
real  array, 
integer  variables, 
integer  constant. 


[We  consider  the  division  operator  over  the  real  domain  as  a 

total  function,  by  interpreting,  for  example,  —  as  — —jr  for  every 

ICf 

real  r.] 
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Figure  I 


- n  positive  integer 


k  -  J 


O  • > 


yes 


I  k  ♦  | 


> 

♦  1 

J 

■ 

no 

IS 

n 

- 

GD 


yes 


<D 


'r 


(I  £  k  £  n)A 
(k#n  integers) 


q2: 


j  ( )  £  k  <  n  -  I ) 

A  (2  £  I  <  n  +  I) 

A  (i,k,n  integers) 


i  4-  i  ♦  | 


q3: 


( I  <  k  £  n  -  I ) 

A  (2  £  I  <  n) 

A  <k  +  *  £  j  <  n+l ) 

A  ( i ,  j#k,n  i nteger s ) 


Figure  2 


(l.j.k) 


i,k)  -  (I 


(I  £  •»  £  n) 

n  integers) 


■  p 

V  A(k, 


<l,j,k)  Mk+I,j,k) 


(I  £  k  £  n  -  I ) 
A(2  $  I  £  n  ♦  I) 
A(l,k,n  Integers) 


(l,n,k) 

(I  £  k  £  n  -  I) 

A(2  £  I  £  n) 

A(k  £  j  £  n) 
A(l,j,k,n  Integers) 


Figure  3 
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W©  want  to  show  that  the  program  termi nates  for  every  positive 
i nteger 


Since  neither  D  nor  any  a.  ^  occurs  in  a  test-box  or  affect  the 
value  of  any  variable  that  occurs  in  a  test-box,  it  is  clear  that  by 
erasing  the  following  three  assignment  boxes: 


D 


D 


,  and 


a 


j 


kj' 


we  do  not  change  the  termination  properties  of  the  program.  In  other 
words, 

For  every  integer  £,  the  original  program  (F i gure  _[_)  term! nates 
il  and  only  21  22^  reduced  program  (Figure  2>  terminates. 


One  can  verify  easily  that  the  set  of  predicates  attached  to  the 
test-boxes  of  the  flowchart  of  Figure  2  -  considering  the  initial 
predicate  "n  positive  integer"  -  is  a  valid  interpretation. 


Let's  construct  now,  from  the  reduced  program  (Figure  2),  the 
appropriate  interpreted  graph  (Figure  3),  s.t.  each  vertex  i, 

I  <  i  <  3,  of  Figure  3  corresponds  to  the  test-box  B.  of  Figure  2, 
and  its  domain  D.  is  exactly  the  valid  interpretation  q.  of  Figure  2. 
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Note  that  we  have  used  theorem  2  here,  by  considering  only  the 
strong  I y  connected  component  of  our  graph. 

It  is  clear  that, 

—  i  nterpreted  graph  (Figure  3)  terminates,  then  the 
— juced  £T° 2ram  (.Fi2ure  2)  terminates  for  every  positive  i nteger  n. 


Now,  use  corollary  2,  where 

V*  =  i.2,3J  Is  the  cut  set, 

W  =  I-j  is  the  well-ordered  set, 

=  (n-l-k,  n+l-i,  n+l)  is  the  mapping  of  into  W,  and 

F3^i#j#k)  3  (n-l-k,  n+l-i,j)  is  the  mapping  of  into  W. 

Note  that  when  control  moves: 

(i)  along  the  path  ba,  the  value  of  k  is  increased  by  I 
(i.e,,  the  value  of  n-l-k  is  decreased  by  I), 

(ii)  along  the  arc  d,  the  value  of  k  is  not  changed  while  the  value 
of  i  is  increased  by  I  (i.e.,  the  value  of  n+l-i  is  decreased 
by  I), 

(iii)  along  the  arc  c,  the  values  of  k  and  i  are  not  changed  while 
j  is  assigned  the  value  n,  and 

(iv)  along  Che  arc  e,  the  values  of  k  and  i  are  not  changed  while 
the  value  of  j  is  decreased  by  I. 

Therefore  it  follows,  by  Corollary  2,  that 
i  nterpreted  graph  (F i  gure  3)  term!  nates. 
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This  implies  that  our  Gaussian  elimination  program  (Figure  I) 
terminates  for  every  positive  integer  n. 


4 .2  Example  2: 

Consider  the  function  gcd(x,y)  (McCarthy  [i960]).  gcd(x,y) 
computes  the  greatest  common  divisor  of  x  and  y  (where  x  and  y  are 
positive  integers),  and  is  defined  recursively  using  the  Euclidean 
Algorithm  by 

gcd (x , y )  =  [x  >  y  -►  gcd(y,x); 

rem(y,x)  =  0  -►  x; 

T  -►  gcd  (rem(y  ,x )  ,x )  ] , 

where  rem(u,v)  is  the  remainder  of  — . 


The  Algol  meaning  of  this  definition  is: 
gcd(x,y)  =  jj.  x  >  y  then  gcd(y,x) 

e I se  i f  rem(y,x)  =  0  then  x 

e I se  gcd (rem(y , x ) ,x ) . 

We  want  to  show  that  for  every  pair  (x,y)  of  positive  integers, 
the  recursive  process  for  computing  gc1(x,y)  always  terminates. 
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(x,y>  ♦  (rem(y,x),x)  (x,y)  -  (y,x) 


F i gure  4 

Eiy  considering  vertex  I  in  Figure  4  as  representing  the  start 
of  the  computation  of  ged,  for  each  pair  (x,y),  it  follows  that: 

For  every  pair  of  positive  integers  <x,y>,  the  recursive 
process  for  computing  gcd(x,y)  terminates, 
i  f  and  only  if 

the  interpreted  graph  (Figure  4)  terminates. 

Since  this  interpreted  graph  consists  only  of  one  vertex,  we 
shall  use  Corollary  I  to  show  its  termination. 

So,  let  W  =  I,4  be  the  well-ordered  set,  and  F(x.v)  =  rem(v.x) 
the  mapping  of  D  into  W. 
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Since  the  graph  contains  two  elementary  cycles,  or  and  we  have 
to  show: 

1.  V(x,y):  P  (x,y)  =  True  •  F(x,y)  >  F(y,x),  and 

or 

2.  V(x,y):  P  (x,y)  =  True  =»  F(x,y)  >  F  (rem(y  ,x )  ,x ) . 

p 

Proof : 

1.  P^fx  ,y)  =  True  *  (x,y )cD  A  (x  >  y) 

=»  (rem(y,x)  =  y)  A  (y  >  rem(x,y)  ^  0) 

=>  rem(y,x)  >  rem(x,y) 

*  F(x  ,y )  >  F (y ,x )  . 

2.  Pg(x,y)  =  True  =>  (x,y)cD  A  (x  ^  y)  A  (rem(y,x)  t  0)  A  (rem(y ,x )  ,x )cD 

=*  (x  positive  integer)  A  rem(y,x)  positive  integer 

* 

•  rem(y,x)  >  rem(x ,rem(y ,x ) ) 

=»  F(x#y)  >  F (rem(y ,x )  ,x ) . 


So  by  corollary  I,  it  follows  that  the  interpreted  graph 
(Figure  4)  terminates,  which  implies  the  desired  result. 


*Note  that  for  every  non-negative  integer  x,  and  for  every 
positive  z:  z  >  rem(x,z)  >  0. 
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